| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Jan Wieck <jan(at)wi3ck(dot)info> |
| Cc: | Nikolay Samokhvalov <samokhvalov(at)gmail(dot)com>, Perry Smith <pedz(at)easesoftware(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: What have I done!?!?!? :-) |
| Date: | 2022-04-08 13:10:40 |
| Message-ID: | CABUevEwdXwUZtDBE-fPCsNoHstcvzaFdNwAiVim2jU0WgsAuPw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Apr 8, 2022 at 3:07 PM Jan Wieck <jan(at)wi3ck(dot)info> wrote:
> On 4/8/22 08:58, Magnus Hagander wrote:
> > A side-note on this, which of course won't help the OP at this point,
> > but if the general best practice of not running the application with a
> > highly privileged account is followed, the problem won't occur (it will
> > just fail early before breaking things). DISABLE TRIGGER ALL requires
> > either ownership of the table or superuser permissions, none of which
> > it's recommended that the application run with. Doesn't help once the
> > problem has occurred of course, but can help avoid it happening in the
> > future.
>
> It gets even better further down in that code, where it UPDATEs
> pg_constraint directly. That not only requires superuser but also catupd
> permissions (which are separate from superuser for a reason).
>
Indeed.The fact that's in the code is sadly an indicator of how many
people run their app as superuser :(
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2022-04-08 13:12:40 | Re: Support logical replication of DDLs |
| Previous Message | Jan Wieck | 2022-04-08 13:07:39 | Re: What have I done!?!?!? :-) |