On 03/16/2014 12:32 PM, Greg Stark wrote:
> I would consider adding something like "For the problem to occur a
> foreign key from another table must exist and a new row must be added
> to that other table around the same time (possibly in the same
> transaction) as an update to the referenced row" That would help
> people judge whether their databases are vulnerable. If they don't
> have foreign keys or if they have a coding pattern that causes this to
> happen regularly then they should be able to figure that out and
> possibly disable them if they can't update promptly.
I don't think that will actually help people know whether they're
vulnerable without a longer explanation.
It's starting to sound like we need a wiki page for this release?
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com