| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Andrew Gilligan" <andy(at)tcpd(dot)net>, <pgsql-bugs(at)postgresql(dot)org>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: BUG #3921: CREATE TABLE / INCLUDING INDEXES fails with permission denied |
| Date: | 2008-02-01 22:16:23 |
| Message-ID: | 87k5lo9vbc.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> 1. DefineIndex() treats an omitted tablespace clause differently from
> explicitly specifying the tablespace that is the database's default:
> if you explicitly specify the space then you must have permissions on
> it, otherwise you don't need any. (This is the same behavior as in
> DefineRelation incidentally.) Maybe this isn't such a hot idea, and
> we should treat the two cases interchangeably?
I always thought that was absolutely bizarre. Security should never depend on
*how* you refer to an object. You should either have access to the object or
not regardless of how you refer to it.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's Slony Replication support!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Maximiliano | 2008-02-01 22:39:39 | BUG #3922: Problems migrating databases. |
| Previous Message | Tom Lane | 2008-02-01 21:25:01 | Re: BUG #3921: CREATE TABLE / INCLUDING INDEXES fails with permission denied |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gurjeet Singh | 2008-02-01 22:26:08 | Re: <IDLE> and waiting |
| Previous Message | Bruce Momjian | 2008-02-01 21:42:57 | Re: pgsql: configure tag'd 8.3.0 and built witih autoconf 2.59 |