On 19 Aug 2013, at 15:49, Jeremy Evans wrote:

> On Sunday, August 18, 2013 5:41:01 PM UTC-7, Iain Barnett wrote:
> Hi all,
>
> The documentation for Model unrestrict_primary_key states:
>
> > Using this method can open up security issues, be very careful before using
> > it.
>
> May I ask what these could be? I've a table I'd like to vertically partition,
> and on the newly created second table use the same primary key value as the
> first, so this method has obvious appeal.
>
> Let's say you have code that does:
>
>   model = Model[1]
>   model.update(params[:model])
>
> By passing in the right params, you can have that update call affect a row
> with an arbitrary primary key.
>
> By default, Sequel::Model is designed to be used with surrogate primary keys,
> where you shouldn't modify the primary keys manually. Hence the reason for
> how inserting works in Sequel::Model (insert row, get autoincremented primary
> key, refresh). If you are using natural primary keys, where you will be
> setting the primary keys manually, then it makes sense to not restrict the
> setting of primary keys.

Thanks Jeremy, I appreciate the answer - the warning set off all sorts of paranoia! :)

Regards,
Iain
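
The retargeting described in the quoted reply, as an added example that is not part of the original thread: a dependency-free Ruby stand-in (the hypothetical `TinyModel`, not Sequel's implementation) in which mass assignment with an unrestricted primary key lets request parameters choose which row is written, next to a restricted key and a field allowlist. The table rows and parameters are constructed sample data.

```ruby
# Hypothetical stand-in for a model layer (not Sequel's code); all data is constructed.
class RestrictedKey < StandardError; end

class TinyModel
  attr_reader :values

  def initialize(table, id, restrict_pk: true)
    @table = table
    @values = table.fetch(id).dup
    @restrict_pk = restrict_pk
  end

  # Mass assignment followed by a save, in the style of model.update(params[:model]).
  def update(params)
    params.each do |key, value|
      key = key.to_sym
      raise RestrictedKey, "cannot mass-assign #{key}" if key == :id && @restrict_pk
      @values[key] = value
    end
    # The write is addressed by the model's current :id, so a request-supplied
    # :id decides which row gets overwritten.
    @table[@values[:id]] = @values.dup
    self
  end

  # Allowlist variant: copy only the named fields and ignore everything else.
  def update_fields(params, fields)
    update(params.transform_keys(&:to_sym).slice(*fields))
  end
end

def fresh_table
  { 1 => { id: 1, email: "alice@example.test" },
    2 => { id: 2, email: "bob@example.test" } }
end

# Request body carrying an unexpected primary key (constructed sample).
UNTRUSTED_PARAMS = { "id" => 2, "email" => "changed@example.test" }.freeze

# Loads row 1, applies the untrusted params, returns the table or :rejected.
def run(restrict_pk:, allow: nil)
  table = fresh_table
  model = TinyModel.new(table, 1, restrict_pk: restrict_pk)
  allow ? model.update_fields(UNTRUSTED_PARAMS, allow) : model.update(UNTRUSTED_PARAMS)
  table
rescue RestrictedKey
  :rejected
end
```

With the key unrestricted, the model loaded as row 1 ends up overwriting row 2; with the allowlist, the same parameters can only change row 1's `email`.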
