Sean Chittenden <[EMAIL PROTECTED]> writes:
>> I would NOT call it a "security" provision, as it is fairly easily
>> defeated using SET TRANSACTION.

> Um, why not make it an actual full blown security feature by applying
> the following patch?

It's not intended to be a security measure, and I would strongly resist
any attempt to make it so along the lines you propose.  I do not want to
try to base real security on GUC settings.  The GUC mechanism is not
designed to be unsubvertible, it's designed to allow convenient
administration of a bunch of settings.

In any case, we already have mechanisms for preventing specific users
from altering data: that's what GRANT/REVOKE are for.  I don't think
anyone would have bothered with START TRANSACTION READ ONLY if it
weren't required by the SQL spec.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Reply via email to