On Saturday, December 03, 2011 01:09:48 AM Alvaro Herrera wrote: > Excerpts from Andres Freund's message of vie dic 02 19:09:47 -0300 2011: > > Hi all, > > > > There is also the point about how permission checks on the actual > > commands (in comparison of modifying command triggers) and such are > > handled: > > > > BEFORE and INSTEAD will currently be called independently of the fact > > whether the user is actually allowed to do said action (which is > > inconsistent with data triggers) and indepentent of whether the object > > they concern exists. > > > > I wonder if anybody considers that a problem? > > Hmm, we currently even have a patch (or is it already committed?) to > avoid locking objects before we know the user has permission on the > object. Getting to the point of calling the trigger would surely be > even worse. Well, calling the trigger won't allow them to lock the object. It doesn't even confirm the existance of the table.
Andres -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
