On Sunday, August 18, 2013 5:41:01 PM UTC-7, Iain Barnett wrote:
> Hi all,
>
> The documentation for Model unrestrict_primary_key states:
>
> > Using this method can open up security issues, be very careful before
> > using it.
>
> May I ask what these could be? I've a table I'd like to vertically
> partition, and on the newly created second table use the same primary key
> value as the first, so this method has obvious appeal.

Let's say you have code that does:

  model = Model[1]
  model.update(params[:model])

By passing in the right params, you can have that update call affect a row with an arbitrary primary key.

By default, Sequel::Model is designed to be used with surrogate primary keys, where you shouldn't modify the primary keys manually. Hence the reason for how inserting works in Sequel::Model (insert row, get autoincremented primary key, refresh). If you are using natural primary keys, where you will be setting the primary keys manually, then it makes sense to not restrict the setting of primary keys.

Thanks,
Jeremy
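
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Sequel's code. `ToyModel`, its `rows` table and the `RestrictedKey` error are hypothetical stand-ins that imitate mass assignment followed by a save keyed on the primary key; `update_fields` imitates assignment from an allowlist of columns.

```ruby
# Added illustration. ToyModel is a hypothetical stand-in, not Sequel's implementation:
# it copies only the behaviour described above (mass assignment, then a save keyed on the pk).
class ToyModel
  class RestrictedKey < StandardError; end

  @restrict_pk = true   # default: the primary key cannot be mass-assigned
  @rows = {}            # constructed in-memory "table": pk => column hash
  class << self
    attr_accessor :rows
    attr_reader :restrict_pk

    def unrestrict_primary_key
      @restrict_pk = false
    end

    def restrict_primary_key
      @restrict_pk = true
    end

    def [](id)
      new(rows.fetch(id).merge(id: id))
    end
  end

  attr_reader :values

  def initialize(values)
    @values = values
  end

  # Mass assignment: every key in params is accepted, except the pk while restricted.
  def update(params)
    params.each do |key, value|
      key = key.to_sym
      raise RestrictedKey, "id is restricted" if key == :id && self.class.restrict_pk
      @values[key] = value
    end
    save
  end

  # Allowlisted assignment: only the named fields are read from params.
  def update_fields(params, fields)
    fields.each { |f| @values[f] = params[f.to_s] if params.key?(f.to_s) }
    save
  end

  # Like UPDATE ... WHERE id = ?, the write lands on whichever pk the object holds now.
  def save
    row = self.class.rows[@values[:id]]
    row&.merge!(@values.reject { |k, _| k == :id })
    self
  end
end
```

With two rows loaded and request params of `{"id" => 2, "email" => "..."}`, `ToyModel[1].update(params)` raises while the key is restricted and overwrites row 2 after `unrestrict_primary_key`. `ToyModel[1].update_fields(params, [:email])` changes only row 1 in either mode, because the `id` entry is never read.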
