From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] remove redundant ownership checks |
Date: | 2010-01-13 19:54:49 |
Message-ID: | 2999.1263412489@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Wed, Jan 13, 2010 at 1:34 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> If I thought this patch represented incremental movement in the
>> direction of a better security-check factorization, I'd be fine with it,
>> but that's not clear either. The argument for it is that these checks
>> are redundant with some other ones, but why should we remove these and
>> not the other ones instead?
> That's a good question, and I have an answer [ namely that ALTER TABLE
> is the right place ].
But note Stephen Frost's concurrent reply suggesting that he wants to
move the checks *out* of ALTER TABLE. With his plan, these checks
are probably in the right place already.
I'm a little worried by Stephen's plan, mainly because I'm concerned
that it would lead to ALTER TABLE taking exclusive lock on a table long
before it gets around to checking permissions. Still, that's just
extending a window that exists now.
Anyway, this is the sort of thing that should be hashed out before
starting to write code. Adding or removing security checks is not
the hard part, the hard part is deciding where they should be.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | James William Pye | 2010-01-13 20:06:58 | Re: plpython3 |
Previous Message | Sergej Galkin | 2010-01-13 19:53:30 | segmentation fault in function |