Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE

On 27/07/16 03:15, Peter Eisentraut wrote:
> On 7/26/16 6:14 PM, Vik Fearing wrote:
>> As mentioned elsewhere in the thread, you can just do WHERE true to get
>> around it, so why on Earth have it PGC_SUSET?
> 
> I'm not sure whether it's supposed to guard against typos and possibly
> buggy SQL string concatenation in application code.  So it would help
> against accidental mistakes, whereas putting a WHERE TRUE in there would
> be an intentional override.

If buggy SQL string concatenation in application code is your argument,
quite a lot of them add "WHERE true" so that they can just append a
bunch of "AND ..." clauses without worrying if it's the first (or last,
whatever), so I'm not sure this is protecting anything.
-- 
Vik Fearing                                          +33 6 46 75 15 36
http://2ndQuadrant.fr     PostgreSQL : Expertise, Formation et Support