Re: ADD FOREIGN KEY (was Re: [GENERAL] 7.4Beta)

Stephan Szabo wrote:
> On Tue, 30 Sep 2003, Tom Lane wrote:
>
>> I see where Stephan is coming from, but in my mind disabling consistency
>> checks ought to be a feature reserved to the DBA (ie superuser), who
>> presumably has some clue about the tradeoffs involved. I don't think
>> ordinary users should be able to do it. If we can get the cost of
>> performing the initial check down to something reasonable (and I don't
>> mean "near zero", I mean something that's small in comparison to the
>> other costs of loading data and creating indexes), then I think we've
>> done as much as we should do for ordinary users.
>
> Limiting the cases under which constraint ignoring works is certainly
> fine by me, but I was assuming that we were trying to make it accessable
> to any restore. If that's not true, then we don't need to worry about that
> part of the issue.

It is not true.

Fact is that restoring can require more rights than creating the dump.
That is already the case if you want to restore anything that contains
objects owned by different users. Trying to enable everyone who can take
a dump also to restore it, by whatever mechanism, gives someone the
right to revert things in time and create a situation (consistent or
not) that he could not (re)create without doing dump/restore. This is
wrong and should not be possible.

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #