Neil Conway <[EMAIL PROTECTED]> writes:
> The only objection I can see is that it arguably doesn't obey sequence 
> permissions: you need SELECT on a sequence to see its currval(), whereas 
> lastval() would return the same information without an equivalent 
> permission check.

Interesting point ... the nextval() could have been done inside a
SECURITY DEFINER function that has more privilege than the user of
lastval() has.  I'm not sure that this is a very interesting information
leak, mind you, but it's something to consider.

You could fix that by remembering exactly which sequence produced
the lastval and checking its permissions ... of course that brings
back the issue of what happens if the sequence has been dropped ...

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Reply via email to