pg_strict

防止不带WHERE条件的危险UPDATE和DELETE操作

概览

扩展包名	版本	分类	许可证	语言
`pg_strict`	`1.0.2`	ADMIN	MIT	Rust

ID	扩展名	Bin	Lib	Load	Create	Trust	Reloc	模式
5830	`pg_strict`	否	是	是	是	否	否	-

相关扩展	`safeupdate` `pg_savior` `pg_upless` `pg_drop_events` `pg_readonly` `table_log` `pgaudit` `pg_permissions`

manually patched

版本

类型	仓库	版本	PG 大版本	包名	依赖
EXT	PIGSTY	`1.0.2`	1817161514	`pg_strict`	-
RPM	PIGSTY	`1.0.2`	1817161514	`pg_strict_$v`	-
DEB	PIGSTY	`1.0.2`	1817161514	`pg_strict_$v`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 1.0.2 el8.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.1KiB	PIGSTY 1.0.2 el8.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.4KiB	PIGSTY 1.0.2 el8.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.5KiB	PIGSTY 1.0.2 el8.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 323.7KiB	PIGSTY 1.0.2 el8.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 323.8KiB
el8.aarch64	PIGSTY 1.0.2 el8.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.9KiB	PIGSTY 1.0.2 el8.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB
el9.x86_64	PIGSTY 1.0.2 el9.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.9KiB	PIGSTY 1.0.2 el9.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 339.0KiB	PIGSTY 1.0.2 el9.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 339.1KiB	PIGSTY 1.0.2 el9.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.9KiB	PIGSTY 1.0.2 el9.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.6KiB
el9.aarch64	PIGSTY 1.0.2 el9.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.5KiB	PIGSTY 1.0.2 el9.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB
el10.x86_64	PIGSTY 1.0.2 el10.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.1KiB	PIGSTY 1.0.2 el10.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.3KiB	PIGSTY 1.0.2 el10.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.2KiB	PIGSTY 1.0.2 el10.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.2KiB	PIGSTY 1.0.2 el10.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 338.8KiB
el10.aarch64	PIGSTY 1.0.2 el10.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.6KiB	PIGSTY 1.0.2 el10.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.3KiB	PIGSTY 1.0.2 el10.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB	PIGSTY 1.0.2 el10.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.4KiB	PIGSTY 1.0.2 el10.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB
d12.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d12.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d13.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d13.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u22.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u22.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u24.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u24.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS

构建

您可以使用 pig build 命令构建 pg_strict 扩展的 RPM / DEB 包：

pig build pkg pg_strict         # 构建 RPM / DEB 包

安装

您可以直接安装 pg_strict 扩展包的预置二进制包，首先确保 PGDG 和 PIGSTY 仓库已经添加并启用：

pig repo add pgsql -u          # 添加仓库并更新缓存

使用 pig 或者是 apt/yum/dnf 安装扩展：

pig install pg_strict;          # 当前活跃 PG 版本安装

pig ext install -y pg_strict -v 18  # PG 18
pig ext install -y pg_strict -v 17  # PG 17
pig ext install -y pg_strict -v 16  # PG 16
pig ext install -y pg_strict -v 15  # PG 15
pig ext install -y pg_strict -v 14  # PG 14

dnf install -y pg_strict_18       # PG 18
dnf install -y pg_strict_17       # PG 17
dnf install -y pg_strict_16       # PG 16
dnf install -y pg_strict_15       # PG 15
dnf install -y pg_strict_14       # PG 14

apt install -y pg_strict_18   # PG 18
apt install -y pg_strict_17   # PG 17
apt install -y pg_strict_16   # PG 16
apt install -y pg_strict_15   # PG 15
apt install -y pg_strict_14   # PG 14

预加载配置：

shared_preload_libraries = 'pg_strict';

创建扩展：

CREATE EXTENSION pg_strict;

用法

pg_strict: 阻止不带 WHERE 子句的危险 UPDATE 和 DELETE

pg_strict 扩展阻止缺少 WHERE 子句的 UPDATE 和 DELETE 语句。它通过 post_parse_analyze_hook 在解析/分析阶段运行，为每种语句类型提供三种执行模式。

配置参数

参数	模式	描述
`pg_strict.require_where_on_update`	`on`/`warn`/`off`	对 UPDATE 强制要求 WHERE
`pg_strict.require_where_on_delete`	`on`/`warn`/`off`	对 DELETE 强制要求 WHERE

on：拒绝不带 WHERE 的语句（抛出错误）
warn：允许但发出警告日志
off：标准 PostgreSQL 行为

会话级配置

SET pg_strict.require_where_on_update = 'on';
SET pg_strict.require_where_on_delete = 'warn';

持久化配置

ALTER DATABASE postgres SET pg_strict.require_where_on_update = 'on';
ALTER ROLE app_service SET pg_strict.require_where_on_delete = 'on';
ALTER ROLE dba_admin SET pg_strict.require_where_on_update = 'off';

事务级覆盖

BEGIN;
SET LOCAL pg_strict.require_where_on_delete = 'off';
DELETE FROM temp_table;  -- 在此事务中允许
COMMIT;

API 函数

SELECT pg_strict_version();           -- 扩展版本
SELECT pg_strict_config();            -- 所有设置及其值和描述

-- 以编程方式验证查询
SELECT pg_strict_check_where_clause('DELETE FROM t', 'DELETE');  -- 返回布尔值
SELECT pg_strict_validate_update('UPDATE t SET x=1');
SELECT pg_strict_validate_delete('DELETE FROM t');

-- 快速模式切换
SELECT pg_strict_enable_update();     -- 将 update 执行设为 'on'
SELECT pg_strict_warn_delete();       -- 将 delete 执行设为 'warn'
SELECT pg_strict_disable_update();    -- 将 update 执行设为 'off'

任何非空 WHERE 条件都被接受（包括 WHERE false）。支持 CTE 语句。

意见反馈

这个页面对您有帮助吗？

感谢反馈！请告诉我们如何改进。

抱歉给您带来不便。请告诉我们如何改进。

最后修改 2026-03-14: update extension metadata (953cbd0)