Neil Conway <neilc@samurai.com> writes:
> The only objection I can see is that it arguably doesn't obey sequence
> permissions: you need SELECT on a sequence to see its currval(), whereas
> lastval() would return the same information without an equivalent
> permission check.
Interesting point ... the nextval() could have been done inside a
SECURITY DEFINER function that has more privilege than the user of
lastval() has. I'm not sure that this is a very interesting information
leak, mind you, but it's something to consider.
You could fix that by remembering exactly which sequence produced
the lastval and checking its permissions ... of course that brings
back the issue of what happens if the sequence has been dropped ...
regards, tom lane
