If this is a concern, you could use a trigger to ignore the user-provided value or fetch from the sequence. > On May 11, 2023, at 11:10 AM, Holger Jakobs <holger@xxxxxxxxxx> wrote: > > Am 11.05.23 um 14:38 schrieb hubert depesz lubaczewski: >>> On Wed, May 10, 2023 at 10:06:28PM -0700, Wells Oliver wrote: >>> As a follow up, I've selected max(common_key) from the table and >>> setval()'ed on the sequence to that +1 and I think that should make this go >>> away. Any reason why that's insane? >> If you're on pg 10 or newer, you can make the id to be "generated always >> as identity" which will make it impossible to provide id value from >> user, thus making the problem impossible to happen. >> >> Best regards, >> >> depesz > > Impossible to happen by chance. A malicious user could always use OVERRIDING SYSTEM VALUE clause. > > Kind Regards, > > Holger > > -- > Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012 >
