Re: Delete rule does not prevent truncate
| От | Adrian Klaver |
|---|---|
| Тема | Re: Delete rule does not prevent truncate |
| Дата | |
| Msg-id | 55B18A7D.3040708@aklaver.com обсуждение исходный текст |
| Ответ на | Re: Delete rule does not prevent truncate (Rob Sargent <robjsargent@gmail.com>) |
| Список | pgsql-general |
On 07/23/2015 05:37 PM, Rob Sargent wrote: > On 07/23/2015 06:27 PM, Adrian Klaver wrote: >> On 07/23/2015 05:08 PM, Rob Sargent wrote: >>> On 07/23/2015 04:15 PM, Karsten Hilbert wrote: >>>> On Thu, Jul 23, 2015 at 12:28:32PM -0600, Rob Sargent wrote: >>>> >>>>> I'm suggesting OP might find changing truncate statements to deletes >>>>> (without a where clause) a simpler solution. Something has to change. >>>> Well, OP isn't looking for a solution to "delete all rows" >>>> but rather to _prevent_ deletion. >>>> >>>> Tim can't go forth and tell Blackhats to "please use DELETE >>>> rather than TRUNCATE", right ? >>>> >>>> AFAICT it'd be more useful to advise OP to revoke TRUNCATE >>>> rights on tables. >>>> >>>> Karsten >>> Not sure about Tim and the Blackhats (there's a band name in there >>> somewhere) but Wouldn't OP have exact same code to fix, one way or >>> another? >>> >> >> I think the point was, the OP(Tim) might not have access to the code >> that is trying to TRUNCATE. This could be because it is coming from >> authorized users who are writing their own code or unauthorized >> users(Blackhats) who are trying to sneak code in. >> >> > Fair enough but both blackhats and the authorized are just as likely to > drop the database as truncate something (intentionally or not) and > backups stashed everywhere is the first order of business. Well that is a different crisis and not covered by rules or triggers:) -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: