Bruce Momjian <bruce@momjian.us> writes:
> On Wed, Jul 16, 2014 at 07:45:56PM -0400, Tom Lane wrote:
>> I think we should get rid of the separate TRIGGER privilege altogether,
>> not make it an even bigger security hole.
> Uh, how does removing a trigger cause a larger security hole? As long
> as users can create triggers, removal seems logical.
It's bigger in the sense that you can not only add arbitrary actions,
but remove actions that the table owner intended to have happen.
For example, the ability to temporarily suppress entries in a logging
table (by dropping the trigger that makes them, and then putting the
trigger back later to cover one's tracks) could be of considerable use
to a black hat.
regards, tom lane