Robert Haas <robertmh...@gmail.com> writes: > 2. Foreign-key constraints. > (A) If you have update or delete privileges on a table that is > referenced by foreign keys, you might be able to infer the existence > of a hidden, referring row because your update or delete fails.
Also the other direction (insert or update on the referencing table lets you infer contents of the referenced table). > Is there anything else? If we ever had SQL-spec ASSERTIONS, they'd create hard-to-analyze issues of this sort. I've also seen people abuse CHECK constraints in ways that expose data cross-row (they shouldn't do so, but...) > Also, don't problems 2(A) and 2(B) already exist with just table-level > DAC? What happens today if you give permission on the referring table > but not the referred-to table, or the other way around? I'm repeating myself, but: the reason it isn't a problem now is that plain SQL doesn't claim to be able to hide the existence of data. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers