public inbox for [email protected]  
help / color / mirror / Atom feed
From: Nico Williams <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: [email protected]
Subject: Re: Wrong security context for deferred triggers?
Date: Tue, 15 Apr 2025 11:16:46 -0500
Message-ID: <Z/6GbqRYBLrkCWR7@ubby> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

On Mon, Nov 06, 2023 at 02:23:04PM +0100, Laurenz Albe wrote:
>  SET CONSTRAINTS ALL DEFERRED;

Some years ago I wrote and submitted a patch to allow one to create
constraints that are ALWAYS DEFERRED so that they cannot be made
IMMEDIATE with SET CONSTRAINTS ALL IMMEDIATE.  I do think that one could
use SET CONSTRAINTS ALL ... to defeat [poorly-coded, perhaps] security
measures taken by triggers.

An example of where one might want triggers that are always deferred
would be a ledger application requiring double-entry, where one might
use deferred triggers to check that all debits have matching credits at
commit-time.

Nico
-- 





view thread (7+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Wrong security context for deferred triggers?
  In-Reply-To: <Z/6GbqRYBLrkCWR7@ubby>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox