Home > mailing lists

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

From	Nico Williams
Subject	Re: Wrong security context for deferred triggers?
Date	April 15 19:16:46
Msg-id	Z/6GbqRYBLrkCWR7@ubby Whole thread Raw
In response to	Wrong security context for deferred triggers? (Laurenz Albe <laurenz.albe@cybertec.at>)
List	pgsql-hackers

Tree view

On Mon, Nov 06, 2023 at 02:23:04PM +0100, Laurenz Albe wrote:
>  SET CONSTRAINTS ALL DEFERRED;

Some years ago I wrote and submitted a patch to allow one to create
constraints that are ALWAYS DEFERRED so that they cannot be made
IMMEDIATE with SET CONSTRAINTS ALL IMMEDIATE.  I do think that one could
use SET CONSTRAINTS ALL ... to defeat [poorly-coded, perhaps] security
measures taken by triggers.

An example of where one might want triggers that are always deferred
would be a ledger application requiring double-entry, where one might
use deferred triggers to check that all debits have matching credits at
commit-time.

Nico
--

pgsql-hackers by date:

From: Tom Lane
Date: 15 April, 19:13:49
Subject: Re: bug in stored generated column over domain with constraints.

From: Tom Lane
Date: 15 April, 19:18:41
Subject: Re: Fundamental scheduling bug in parallel restore of partitioned tables

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

Previous

Next