From: | David Fetter <david(at)fetter(dot)org> |
---|---|
To: | Sergey Konoplev <gray(dot)ru(at)gmail(dot)com> |
Cc: | Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Referential integrity vulnerability in 8.3.3 |
Date: | 2008-07-15 17:17:09 |
Message-ID: | 20080715171709.GB5623@fetter.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Tue, Jul 15, 2008 at 06:02:27PM +0400, Sergey Konoplev wrote:
> >>
> >> Yes it is. But it the way to break integrity cos rows from table2 still
> >> refer to deleted rows from table1. So it conflicts with
> >> ideology isn't it?
> >
> > Yes, but I'm not sure you could have a sensible behaviour-modifying BEFORE
> > trigger without this loophole. Don't forget, ordinary users can't work
> > around this - you need suitable permissions.
> >
> > You could rewrite PG's foreign-key code to check the referencing table after
> > the delete is supposed to have taken place, and make sure it has. That's
> > going to halve the speed of all your foreign-key checks though.
> >
>
> I'm not sure I've understood you right, sorry. Does "rewrite PG's
> foreign-key code" mean DDL? If it does how could I do this?
The code you posted is a clear case of doing things wrong
deliberately. In order to prevent this error, you would need to
rewrite large parts of Postgres's code which checks referential
integrity, and there would still be things that deliberately wrong
DDL, triggers, rules, etc. could do.
Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
From | Date | Subject | |
---|---|---|---|
Next Message | Bob Pawley | 2008-07-15 18:31:18 | pg_dump |
Previous Message | Josh Berkus | 2008-07-15 16:06:43 | Re: [pgsql-advocacy] Pg booth staffing at OSCON |