Re: Insert..returning (was Re: Re: postgres TODO)

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Insert..returning (was Re: Re: postgres TODO)
Дата
Msg-id 23124.963420431@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Insert..returning (was Re: Re: postgres TODO)  (Philip Warner <pjw@rhyme.com.au>)
Ответы Re: Insert..returning (was Re: Re: postgres TODO)
Список pgsql-hackers
Philip Warner <pjw@rhyme.com.au> writes:
>> I think the thing he has in mind is the situation where one has insert
>> perms but not select.

Exactly --- and that's a perfectly reasonable setup in some cases (think
blind mailbox).  INSERT ... RETURNING should require both insert and
select privileges IMHO.

> I would be inclined to follow the perms; is there a problem with that? You
> should not let them read the row they inserted since it *may* contain
> sensitive (automatically generated) data - the DBA must have had a reason
> for preventing SELECT.

It would be a pretty stupid app that would be using INSERT ... RETURNING
to obtain the data that it itself is supplying.  The only reason I can
see for the feature is to get hold of automatically-generated column
values.  Thus, obeying select permissions is relevant.
        regards, tom lane


В списке pgsql-hackers по дате отправления:

Предыдущее
От: "Ross J. Reedstrom"
Дата:
Сообщение: Re: 7.0.2 issues / Geocrawler
Следующее
От: "Ross J. Reedstrom"
Дата:
Сообщение: Re: 7.0.2 issues / Geocrawler