Re: Foreign keys breaks tables permissions

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Jan Wieck <wieck(at)debis(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>, pgsql-sql(at)postgresql(dot)org
Subject: Re: Foreign keys breaks tables permissions
Date: 2000-05-21 16:45:20
Message-ID: Pine.LNX.4.21.0005201947120.423-100000@localhost.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers pgsql-sql

Tom Lane writes:

> This is perhaps the least undesirable of the choices we have, but it's
> still a security hole.

The reason this concerns me is that requiring update rights on the
referenced table eliminates much the benefit of foreign keys from an
administration point of view: If the primary keys can be updated freely,
they no longer constrain the data in the referencing table effectively.

I suppose we'll have to live with that for now but I'd suggest that it be
put on the TODO list somewhere.

--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2000-05-21 17:12:34 Re: Foreign keys breaks tables permissions
Previous Message Tom Lane 2000-05-19 17:44:15 Re: Foreign keys breaks tables permissions

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2000-05-21 16:45:46 Re: [HACKERS] Postgresql OO Patch
Previous Message Peter Eisentraut 2000-05-21 16:45:04 No more <<EOF>>

Browse pgsql-sql by date

  From Date Subject
Next Message Mitch Vincent 2000-05-21 16:59:14 Full text indexing (and errors!)
Previous Message Tom Lane 2000-05-21 04:54:17 Re: Adding many rows to a table.