Postgres Pro
Downloads
Home   >   mailing lists

Re: Why do I need to set UPDATE permissions for fkey check? - Mailing list pgsql-sql

From JanWieck@t-online.de (Jan Wieck)
Subject Re: Why do I need to set UPDATE permissions for fkey check?
Date
Msg-id 200007220901.LAA08299@hot.jw.home
Whole thread Raw
In response to Re: Why do I need to set UPDATE permissions for fkey check?  (Jon Lapham <jlapham@gandalf.bioqmed.ufrj.br>)
List pgsql-sql
Tree view 
Jon Lapham wrote:
> On Fri, Jul 21, 2000 at 02:00:00PM -0700, Stephan Szabo wrote:
> >
> > It's a known problem in the foreign key code.  The reason is that
> > the fk triggers use SELECT FOR UPDATE to select the matching
> > rows that it is checking and the reason for using FOR UPDATE is
> > to lock those rows so that someone cannot delete/change them out
> > from under your nose while you're looking at them.  However,
> > SELECT FOR UPDATE is asking for update permissions because it
> > grabs that row lock.
>
> Oh, okay, I understand your explanation, and it fits with what I am
> seeing.
>
> But...
>
> ...this is a READ ONLY table!  Maybe it would be possible to have the fkey
> triggers look to see if the table is read-only, and then simply use SELECT
> instead of SELECT FOR UPDATE and then not perform the row locking?  Since
> this is a read-only table, there would be no risk of deleting/changing any
> of the data.  Yeah, I realize that with this solution, you cannot
> guarantee that the table doesn't become 'writable' sometime during the
> fkey lookup.
   The  problem  only  exists for concurrent access. If the rows   don't get locked,  any  user  with  write
permissions could   delete  a  row where another one actually inserts a reference   for.  And  you  cannot  take  write
permissions  away   from   superusers.  This  would  violate  the constraint "silently",   because the "check" on the
fkeytable is  already  done,  but   the  insert not yet committed, while the "referential action"   on the pkey table
sawno references and permits deletion.
 

> It would seem to me that this is a serious problem.  I absolutely cannot
> have my data table be writable, and I need to maintain fkey integrity.
> Urg.... this is very bad, the fkey integrity check is the reason I
> installed Pg v7.  I would think that keeping read-only static data table
> would be a common database occurance, any suggestions on how to get around
> this issue?  Possibly with a (gulp) permissions switching trigger (gulp)?
   It is a serious problem, indeed.
   I'll post a proposal to fix it for 7.1 in a separate message.   I have something in mind so far, but need to play
aroundwith   the code before knowing all the odds and ends.
 


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #

pgsql-sql by date:

Previous
From: sathya priya
Date:
Subject: query optimazation & starting postmaster with -B option
Next
From: JanWieck@t-online.de (Jan Wieck)
Date:
Subject: Re: create function - user permissions