Re: Postgres Permissions Article
Paul A Jungwirth <pj@illuminatedcomputing.com>
From: Paul Jungwirth <pj@illuminatedcomputing.com>
To: pgsql-general@postgresql.org
Date: 2017-03-29T15:05:23Z
Lists: pgsql-hackers, pgsql-general
On 03/29/2017 06:36 AM, Tom Lane wrote: > Karsten Hilbert <Karsten.Hilbert@gmx.net> writes: >> Being able to create foreign keys may allow to indirectly >> discover whether certain values exists in a table which I >> don't otherwise have access to (by means of failure or >> success to create a judiciously crafted FK). > > Aside from that, an FK can easily be used to cause effective > denial-of-service, for example preventing rows from being deleted > within a table, or adding enormous overhead to such a deletion. Thank you both for taking a look! I agree those are both worthwhile concerns. It still seems a little strange it is not just part of the CREATE permission (for example). I understand why not everyone can create a foreign key, I just have trouble imagining a use case where it is helpful to separate it from other DDL commands. Anyway, I didn't write the article to nitpick details like that, but sometimes by asking "why" you learn new things. I really appreciate your offering your thoughts! Paul
Commits
-
For foreign keys, check REFERENCES privilege only on the referenced table.
- 64d4da511c01 10.0 landed