Sean Chittenden wrote:
> > > > Um, why not make it an actual full blown security feature by
> > > > applying the following patch? This gives PostgreSQL real read
> > > > only transactions that users can't escape from. Notes about the
> > > > patch:
> > >
> > > Way nifty.
> > >
> > > I vote in favor of this patch (suitably documented & debugged) for 7.5.
> >
> > Heh, there ain't much to debug: it's pretty straight forward. I ran
> > all the use cases/syntaxes I could think of and they worked as
> > expected. It's a pretty chump little ditty that I originally wrote
> > for the sake of the 7.4 PR, but it's proving to be quite useful here
> > in my tree... though I like the name "jail_read_only_transactions"
> > more... patch updated for new name.
>
> Err.. and attached. -sc
I assume this patch is to control this way of breaking out of a
read-only transaction:
test=> START TRANSACTION READ ONLY;
START TRANSACTION
test=> CREATE TABLE x(y INT);
ERROR: transaction IS read-only
test=> COMMIT;
COMMIT
test=> START TRANSACTION READ ONLY;
START TRANSACTION
test=> SET transaction_read_only = FALSE;
SET
test=> CREATE TABLE x (y INT);
CREATE TABLE
test=> COMMIT;
COMMIT
This seems like a valuable feature, as others have mentioned. However,
should it also prevent changes to default_transaction_read_only?
What is the use case for this functionality?
Seems someone could easily break out of this by doing:
test=> START TRANSACTION READ ONLY;
START TRANSACTION
test=> COMMIT;
COMMIT
test=> START TRANSACTION;
START TRANSACTION
test=> CREATE TABLE x (y INT);
CREATE TABLE
This shows that default_transaction_read_only probably has to be
restricted too by the same variable.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
