From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Rob Sargent <robjsargent(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Delete rule does not prevent truncate |
Date: | 2015-07-24 00:44:45 |
Message-ID: | 55B18A7D.3040708@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 07/23/2015 05:37 PM, Rob Sargent wrote:
> On 07/23/2015 06:27 PM, Adrian Klaver wrote:
>> On 07/23/2015 05:08 PM, Rob Sargent wrote:
>>> On 07/23/2015 04:15 PM, Karsten Hilbert wrote:
>>>> On Thu, Jul 23, 2015 at 12:28:32PM -0600, Rob Sargent wrote:
>>>>
>>>>> I'm suggesting OP might find changing truncate statements to deletes
>>>>> (without a where clause) a simpler solution. Something has to change.
>>>> Well, OP isn't looking for a solution to "delete all rows"
>>>> but rather to _prevent_ deletion.
>>>>
>>>> Tim can't go forth and tell Blackhats to "please use DELETE
>>>> rather than TRUNCATE", right ?
>>>>
>>>> AFAICT it'd be more useful to advise OP to revoke TRUNCATE
>>>> rights on tables.
>>>>
>>>> Karsten
>>> Not sure about Tim and the Blackhats (there's a band name in there
>>> somewhere) but Wouldn't OP have exact same code to fix, one way or
>>> another?
>>>
>>
>> I think the point was, the OP(Tim) might not have access to the code
>> that is trying to TRUNCATE. This could be because it is coming from
>> authorized users who are writing their own code or unauthorized
>> users(Blackhats) who are trying to sneak code in.
>>
>>
> Fair enough but both blackhats and the authorized are just as likely to
> drop the database as truncate something (intentionally or not) and
> backups stashed everywhere is the first order of business.
Well that is a different crisis and not covered by rules or triggers:)
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Melvin Davidson | 2015-07-24 01:21:17 | Re: Schema Help Needed To Get Unstuck |
Previous Message | Rob Sargent | 2015-07-24 00:37:17 | Re: Delete rule does not prevent truncate |