On Fri, Nov 01, 2002 at 21:35:40 -0500, Bruce Momjian <[EMAIL PROTECTED]> wrote: > > I think we open up more security problems by having the inserter doing > things as the owner of the table.
With triggers it is a bit hard to decide. Since people other than the table owner can create them, but then they effectively belong to the table owner. I think that makes having them execute as the table owner reasonable. The table owner is taking his chances by letting other people create triggers on his table. For constraints and default expressions I don't see any problems for having them execute as the table owner. This provides a small advantage in providing limited update ability for sequences, that would otherwise require creating a function to achieve. As long as people realize that when they insert, update or delete from a table owned by someone else they need to trust that person it probably isn't a big deal. The descriptions of triggers hint at this but from a different perspective (that of a table owner letting people create triggers on his table) and people might not make the connection (assuming they even read about triggers). ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
