Re: Referential integrity vulnerability in 8.3.3

From: David Fetter <david(at)fetter(dot)org>
To: Sergey Konoplev <gray(dot)ru(at)gmail(dot)com>
Cc: Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Referential integrity vulnerability in 8.3.3
Date: 2008-07-15 17:17:09
Message-ID: 20080715171709.GB5623@fetter.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tue, Jul 15, 2008 at 06:02:27PM +0400, Sergey Konoplev wrote:
> >>
> >> Yes it is. But it the way to break integrity cos rows from table2 still
> >> refer to deleted rows from table1. So it conflicts with
> >> ideology isn't it?
> >
> > Yes, but I'm not sure you could have a sensible behaviour-modifying BEFORE
> > trigger without this loophole. Don't forget, ordinary users can't work
> > around this - you need suitable permissions.
> >
> > You could rewrite PG's foreign-key code to check the referencing table after
> > the delete is supposed to have taken place, and make sure it has. That's
> > going to halve the speed of all your foreign-key checks though.
> >
>
> I'm not sure I've understood you right, sorry. Does "rewrite PG's
> foreign-key code" mean DDL? If it does how could I do this?

The code you posted is a clear case of doing things wrong
deliberately. In order to prevent this error, you would need to
rewrite large parts of Postgres's code which checks referential
integrity, and there would still be things that deliberately wrong
DDL, triggers, rules, etc. could do.

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Bob Pawley 2008-07-15 18:31:18 pg_dump
Previous Message Josh Berkus 2008-07-15 16:06:43 Re: [pgsql-advocacy] Pg booth staffing at OSCON