Re: Delete rule does not prevent truncate - Mailing list pgsql-general

From Rob Sargent
Subject Re: Delete rule does not prevent truncate
Date
Msg-id 55B188BD.8060008@gmail.com
Whole thread Raw
In response to Re: Delete rule does not prevent truncate  (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses Re: Delete rule does not prevent truncate
Re: Delete rule does not prevent truncate
List pgsql-general
On 07/23/2015 06:27 PM, Adrian Klaver wrote:
On 07/23/2015 05:08 PM, Rob Sargent wrote:
On 07/23/2015 04:15 PM, Karsten Hilbert wrote:
On Thu, Jul 23, 2015 at 12:28:32PM -0600, Rob Sargent wrote:

I'm suggesting OP might find changing truncate statements to deletes
(without a where clause) a simpler solution. Something has to change.
Well, OP isn't looking for a solution to "delete all rows"
but rather to _prevent_ deletion.

Tim can't go forth and tell Blackhats to "please use DELETE
rather than TRUNCATE", right ?

AFAICT it'd be more useful to advise OP to revoke TRUNCATE
rights on tables.

Karsten
Not sure about Tim and the Blackhats (there's a band name in there
somewhere) but Wouldn't OP have exact same code to fix, one way or another?


I think the point was, the OP(Tim) might not have access to the code that is trying to TRUNCATE. This could be because it is coming from authorized users who are writing their own code or unauthorized users(Blackhats) who are trying to sneak code in.


Fair enough but both blackhats and the authorized are just as likely to drop the database as truncate something (intentionally or not) and backups stashed everywhere is the first order of business.

pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: Delete rule does not prevent truncate
Next
From: Adrian Klaver
Date:
Subject: Re: Delete rule does not prevent truncate