| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Bruno Wolff III <bruno(at)wolff(dot)to>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] Inconsistent syntax in GRANT |
| Date: | 2006-01-06 17:11:27 |
| Message-ID: | e51f66da0601060911i314b0fabxda60fbd949f4f9a2@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
On 1/6/06, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> Bruno Wolff III wrote:
> > It might be nice to split nextval and currval access as well. nextval access
> > corresponds to INSERT and currval access to SELECT.
>
> Uh, that is already in the code. nextval()/setval() is UPDATE, and
> currval() is SELECT.
This seems weird. Shouldn't nextval/currval go together and setval
separately?
Considering there's no currval() without nextval(), what point
is disallowing currval() when user is able to call nextval()?
I rather want to allow nextval/currval and disable setval as it
allows regular user to DoS the database.
--
marko
[removing Tom from CC as he bounces gmail]
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-01-06 17:13:55 | Re: [HACKERS] Inconsistent syntax in GRANT |
| Previous Message | Jeremy Drake | 2006-01-06 17:11:12 | Re: catalog corruption bug |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-01-06 17:13:55 | Re: [HACKERS] Inconsistent syntax in GRANT |
| Previous Message | Magnus Hagander | 2006-01-06 16:07:40 | Re: display and expression of the home directory in Win32 |