| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Postgres Permissions Article |
| Date: | 2017-03-29 15:05:23 |
| Message-ID: | 9d08ec34-0e6b-41de-b929-9c09a5df7915@illuminatedcomputing.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On 03/29/2017 06:36 AM, Tom Lane wrote:
> Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net> writes:
>> Being able to create foreign keys may allow to indirectly
>> discover whether certain values exists in a table which I
>> don't otherwise have access to (by means of failure or
>> success to create a judiciously crafted FK).
>
> Aside from that, an FK can easily be used to cause effective
> denial-of-service, for example preventing rows from being deleted
> within a table, or adding enormous overhead to such a deletion.
Thank you both for taking a look! I agree those are both worthwhile
concerns. It still seems a little strange it is not just part of the
CREATE permission (for example). I understand why not everyone can
create a foreign key, I just have trouble imagining a use case where it
is helpful to separate it from other DDL commands. Anyway, I didn't
write the article to nitpick details like that, but sometimes by asking
"why" you learn new things. I really appreciate your offering your thoughts!
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Crawford | 2017-03-29 15:49:57 | Handling psql lost connections |
| Previous Message | Stefan Smith | 2017-03-29 14:38:52 | Logical Replication: adjacent COMMIT messages with the wrong StartLSN |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-03-29 15:07:18 | Re: [COMMITTERS] pgsql: Improve access to parallel query from procedural languages. |
| Previous Message | Stephen Frost | 2017-03-29 15:05:13 | Re: Monitoring roles patch |