On Fri, Apr 8, 2022 at 3:07 PM Jan Wieck <j...@wi3ck.info> wrote: > On 4/8/22 08:58, Magnus Hagander wrote: > > A side-note on this, which of course won't help the OP at this point, > > but if the general best practice of not running the application with a > > highly privileged account is followed, the problem won't occur (it will > > just fail early before breaking things). DISABLE TRIGGER ALL requires > > either ownership of the table or superuser permissions, none of which > > it's recommended that the application run with. Doesn't help once the > > problem has occurred of course, but can help avoid it happening in the > > future. > > It gets even better further down in that code, where it UPDATEs > pg_constraint directly. That not only requires superuser but also catupd > permissions (which are separate from superuser for a reason). >
Indeed.The fact that's in the code is sadly an indicator of how many people run their app as superuser :( -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
