Robert Haas <robertmh...@gmail.com> writes:
> ....and that's bad. More generally, the system security policy is
> designed to answer questions about whether it's OK to transition from
> A->B, and the fact that A->B is OK does not mean that B->A is OK, but
> our GUC mechanism pretty much forces you to allow both of those
> things, or neither.
More to the point, a GUC rollback transition *has to always succeed*.
Period. Now, the value that it's trying to roll back to was presumably
considered legitimate at some previous time, but if you're designing a
system that is based purely on state transitions it could very well see
the rollback transition as invalid. That is just going to be too
fragile to be acceptable.
I think that this will have to be set up so that it understands the
difference between a forward transition and a rollback and only checks
the former. If that's not possible, this is not going to get in.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
