Re: Inheritance of foregn key constraints. - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Inheritance of foregn key constraints.
Date
Msg-id 18757.1395501236@sss.pgh.pa.us
Whole thread Raw
In response to Re: Inheritance of foregn key constraints.  (Andrzej Mazurkiewicz <andrzej@mazurkiewicz.org>)
Responses Re: Inheritance of foregn key constraints.
List pgsql-hackers
Andrzej Mazurkiewicz <andrzej@mazurkiewicz.org> writes:
>> So in other words, somebody could (accidentally or maliciously) break the
>> constraint by dropping one of its implementation triggers.  I doubt that's
>> acceptable.

> The present postgres behavior ALLOWS accidental or malicious break the 
> constraint by dropping one of its implementation triggers. Please ref. to the 
> following example.
> The following script has been run by the postgres user.

Well, right there you lost me, because superusers are exempt from all
permissions checks by definition; and in particular, direct manipulations
of the system catalogs by superusers are always out of scope for
discussions of what the system should try to protect itself against.
(Try "delete from pg_proc;" in a scratch database sometime.)

My point is that without the internal dependency, a normal user could do
standard SQL commands (ie DROP TRIGGER) and break the FK that way.
That's the case that's not acceptable.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Thom Brown
Date:
Subject: Re: Partial index locks
Next
From: Piotr Stefaniak
Date:
Subject: Re: Review: plpgsql.extra_warnings, plpgsql.extra_errors