Re: document the dangers of granting TRIGGER or REFERENCES

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: document the dangers of granting TRIGGER or REFERENCES
Date: 2026-07-14 17:14:15
Message-ID: CA+Tgmobe+4uxn9zxHoATWZ0HWW7LiU8Nc7SQd+dqQARWc=3rLw@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jul 14, 2026 at 11:54 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Greg Sabino Mullane <htamfids(at)gmail(dot)com> writes:
> > On Tue, Jul 14, 2026 at 9:54 AM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> >> IMHO, apart from patching the documentation, the other thing we might
> >> want to consider doing is removing one or both of these privileges
> >> entirely, and making them part of table ownership.
>
> > Big +1 for references.
>
> REFERENCES is required by SQL spec, no?
>
> (hmm, actually, TRIGGER is too ...)

I presume so, but what concerns me is that I don't see a way that
either of them could be unproblematic from a security standpoint, and
therefore they seem like attractive nuisances rather than actually
valuable features to me. That said, I don't want to get sidetracked
into a big argument about potentially removing them; I'm content to
document the problem for now.

--
Robert Haas
EDB: http://www.enterprisedb.com

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Greg Burd 2026-07-14 17:53:06 Re: [PATCH] Batched clock sweep to reduce cross-socket atomic contention
Previous Message Nathan Bossart 2026-07-14 16:57:56 Re: document the dangers of granting TRIGGER or REFERENCES