| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Greg Sabino Mullane <htamfids(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: document the dangers of granting TRIGGER or REFERENCES |
| Date: | 2026-07-14 17:14:15 |
| Message-ID: | CA+Tgmobe+4uxn9zxHoATWZ0HWW7LiU8Nc7SQd+dqQARWc=3rLw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jul 14, 2026 at 11:54 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Greg Sabino Mullane <htamfids(at)gmail(dot)com> writes:
> > On Tue, Jul 14, 2026 at 9:54 AM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> >> IMHO, apart from patching the documentation, the other thing we might
> >> want to consider doing is removing one or both of these privileges
> >> entirely, and making them part of table ownership.
>
> > Big +1 for references.
>
> REFERENCES is required by SQL spec, no?
>
> (hmm, actually, TRIGGER is too ...)
I presume so, but what concerns me is that I don't see a way that
either of them could be unproblematic from a security standpoint, and
therefore they seem like attractive nuisances rather than actually
valuable features to me. That said, I don't want to get sidetracked
into a big argument about potentially removing them; I'm content to
document the problem for now.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Burd | 2026-07-14 17:53:06 | Re: [PATCH] Batched clock sweep to reduce cross-socket atomic contention |
| Previous Message | Nathan Bossart | 2026-07-14 16:57:56 | Re: document the dangers of granting TRIGGER or REFERENCES |