Re: Updatable view (where in) with check option doesn't validate data properly

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Nicolas M <kiruahxh(at)gmail(dot)com>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: Updatable view (where in) with check option doesn't validate data properly
Date: 2021-12-16 01:05:54
Message-ID: 843836.1639616754@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Nicolas M <kiruahxh(at)gmail(dot)com> writes:
> create or replace view viewSimpleA as select * from tableA where name
> like 'a%'with check option;

[ behaves as expected ]

> create or replace view viewA as select * from tableAwhere db_record_id in (
> select db_record_id from tableA
> where name like 'a%'
> ) with check option;

[ not so much ]

I don't think this is a bug. The problem is that we handle
WITH CHECK OPTION by seeing whether the proposed new tuple
value satisfies the view's WHERE clause. But the new tuple
isn't yet stored, or at least isn't yet visible, so that
that sub-select still finds the old row contents (or fails
to find any row at all, in your first test).

We could maybe hack our way to fixing that in the specific
case you show here, but I'm not very excited about that,
because this usage of WITH CHECK OPTION seems inherently
unsafe. For example, if we permit an update based on the
fact that there's currently a row with "name like 'a%'",
there's no way to be certain that some other transaction
hasn't concurrently changed or deleted that row. That'd
lead to inconsistency once both transactions commit.

In general I think that expecting WITH CHECK OPTION to
enforce non-immutable conditions is pretty hazardous,
for largely the same reasons that a non-immutable CHECK
constraint is hazardous. We don't stop you from declaring
such a constraint, but it's likely to bite you in the rear.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message PG Bug reporting form 2021-12-16 06:12:11 BUG #17338: pgaudit ddl audit logging show clear text password when create user mapping
Previous Message Nicolas M 2021-12-15 14:09:35 Updatable view (where in) with check option doesn't validate data properly