Re: document the dangers of granting TRIGGER or REFERENCES

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: document the dangers of granting TRIGGER or REFERENCES
Date: 2026-07-14 14:35:38
Message-ID: CA+TgmoaeJwPnwn7bf8NK8WoZ-T7TA6Sq+TTv0qkYL=ALpS3=hQ@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jul 14, 2026 at 10:24 AM Nathan Bossart
<nathandbossart(at)gmail(dot)com> wrote:
> +1. I wonder if we should promote these to <note> or even <warning>.
> While I'm hesitant to pepper the docs with too many more of those, this
> seems like the sort of thing we don't want users to miss.

I'm not going to fight you on that tooth and nail if you really want
to do it that way, but I don't see much point. The paragraphs to which
I propose to add this information are currently just one sentence long
each, and with this patch they will be two sentences each. Probably we
don't need markup for people to notice the second sentence.

Also, while there may very well be people who have legitimately been
unpleasantly surprised by the actual behavior here, an awful lot of
the "people" currently discovering the situation here are in fact just
looking for a way to manufacture a security report. As long as we have
a statement of some kind in the docs, we can just point to that. It
doesn't need to be particularly prominent -- although I'm not trying
to conceal it, either. I didn't find a more natural place to mention
this than where I actually put it.

--
Robert Haas
EDB: http://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bohyun Lee 2026-07-14 14:42:13 Re: [PATCH] pg_upgrade: add --initdb option to create the new cluster automatically
Previous Message Nathan Bossart 2026-07-14 14:24:29 Re: document the dangers of granting TRIGGER or REFERENCES