Home > mailing lists

Re: Inheritance of foregn key constraints. - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Inheritance of foregn key constraints.
Date	March 22, 2014 18:14:06
Msg-id	18757.1395501236@sss.pgh.pa.us Whole thread Raw
In response to	Re: Inheritance of foregn key constraints. (Andrzej Mazurkiewicz <andrzej@mazurkiewicz.org>)
Responses	Re: Inheritance of foregn key constraints. (Andrzej Mazurkiewicz <andrzej@mazurkiewicz.org>)
List	pgsql-hackers

Tree view

Andrzej Mazurkiewicz <andrzej@mazurkiewicz.org> writes:
>> So in other words, somebody could (accidentally or maliciously) break the
>> constraint by dropping one of its implementation triggers.  I doubt that's
>> acceptable.

> The present postgres behavior ALLOWS accidental or malicious break the 
> constraint by dropping one of its implementation triggers. Please ref. to the 
> following example.
> The following script has been run by the postgres user.

Well, right there you lost me, because superusers are exempt from all
permissions checks by definition; and in particular, direct manipulations
of the system catalogs by superusers are always out of scope for
discussions of what the system should try to protect itself against.
(Try "delete from pg_proc;" in a scratch database sometime.)

My point is that without the internal dependency, a normal user could do
standard SQL commands (ie DROP TRIGGER) and break the FK that way.
That's the case that's not acceptable.
        regards, tom lane

pgsql-hackers by date:

From: Thom Brown
Date: 22 March 2014, 18:14:02
Subject: Re: Partial index locks

From: Piotr Stefaniak
Date: 22 March 2014, 18:53:45
Subject: Re: Review: plpgsql.extra_warnings, plpgsql.extra_errors

Re: Inheritance of foregn key constraints. - Mailing list pgsql-hackers

Previous

Next