Hi Tom,
Thanks for the response.
On Saturday, February 1, 2003, at 03:09 PM, Tom Lane wrote:
> Matthew Horoschun <mhoroschun@canprint.com.au> writes:
>> My understanding is that I need to GRANT the UPDATE privilege on the
>> SEQUENCE if I want a user to be able to to use nextval() on it. The
>> trouble is, if they can do a nextval() they can also do a setval()
>
> So? With enough time on your hands, you can apply nextval() often
> enough to get from any point A to any point B. It seems illusory
> to think that forbidding setval() makes things more secure.
Absolutely, You're right. nextval() is just as troublesome.
I don't want to arbitrarily restrict access to setval(). I just want a
safer way of handling automatic allocation of primary keys on certain
tables.
Should I just avoid SEQUENCES altogether and use the OIDs under normal
circumstances and the MAX( id ) + 1 style thing when I need a
human-usable number?
Matthew.