| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Marko Kreen <markokr(at)gmail(dot)com> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] Inconsistent syntax in GRANT |
| Date: | 2006-01-06 18:42:09 |
| Message-ID: | 20060106184209.GB28902@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
On Fri, Jan 06, 2006 at 19:11:27 +0200,
Marko Kreen <markokr(at)gmail(dot)com> wrote:
> On 1/6/06, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
>
> Considering there's no currval() without nextval(), what point
> is disallowing currval() when user is able to call nextval()?
>
> I rather want to allow nextval/currval and disable setval as it
> allows regular user to DoS the database.
What I was thinking with this, is that you might allow someone the ability
to insert records into a table which would make use of nextval, but not
allow them to run nextval directly. But after inserting a record allow them
to use currval to see what value was assigned.
People could still mess with things by doing INSERTs and aborting the
transaction, so this may not be the best example for why you would want this.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-01-06 18:46:46 | Re: [HACKERS] Inconsistent syntax in GRANT |
| Previous Message | Tom Lane | 2006-01-06 18:08:00 | Re: Improving N-Distinct estimation by ANALYZE |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-01-06 18:46:46 | Re: [HACKERS] Inconsistent syntax in GRANT |
| Previous Message | Hiroshi Saito | 2006-01-06 18:38:38 | Re: display and expression of the home directory in Win32 |