On 03/16/2014 12:32 PM, Greg Stark wrote: > I would consider adding something like "For the problem to occur a > foreign key from another table must exist and a new row must be added > to that other table around the same time (possibly in the same > transaction) as an update to the referenced row" That would help > people judge whether their databases are vulnerable. If they don't > have foreign keys or if they have a coding pattern that causes this to > happen regularly then they should be able to figure that out and > possibly disable them if they can't update promptly.
I don't think that will actually help people know whether they're vulnerable without a longer explanation. It's starting to sound like we need a wiki page for this release? -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers