pg_strict

Prevent dangerous UPDATE and DELETE without WHERE clause

Overview

Package	Version	Category	License	Language
`pg_strict`	`1.0.2`	ADMIN	MIT	Rust

ID	Extension	Bin	Lib	Load	Create	Trust	Reloc	Schema
5830	`pg_strict`	No	Yes	Yes	Yes	No	No	-

Related	`safeupdate` `pg_savior` `pg_upless` `pg_drop_events` `pg_readonly` `table_log` `pgaudit` `pg_permissions`

manually patched

Version

Type	Repo	Version	PG Ver	Package	Deps
EXT	PIGSTY	`1.0.2`	1817161514	`pg_strict`	-
RPM	PIGSTY	`1.0.2`	1817161514	`pg_strict_$v`	-
DEB	PIGSTY	`1.0.2`	1817161514	`pg_strict_$v`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 1.0.2 el8.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.1KiB	PIGSTY 1.0.2 el8.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.4KiB	PIGSTY 1.0.2 el8.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 324.5KiB	PIGSTY 1.0.2 el8.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 323.7KiB	PIGSTY 1.0.2 el8.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el8.x86_64.rpm PIGSTY · 1.0.2 · 323.8KiB
el8.aarch64	PIGSTY 1.0.2 el8.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.9KiB	PIGSTY 1.0.2 el8.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB	PIGSTY 1.0.2 el8.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el8.aarch64.rpm PIGSTY · 1.0.2 · 217.8KiB
el9.x86_64	PIGSTY 1.0.2 el9.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.9KiB	PIGSTY 1.0.2 el9.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 339.0KiB	PIGSTY 1.0.2 el9.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 339.1KiB	PIGSTY 1.0.2 el9.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.9KiB	PIGSTY 1.0.2 el9.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el9.x86_64.rpm PIGSTY · 1.0.2 · 338.6KiB
el9.aarch64	PIGSTY 1.0.2 el9.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.5KiB	PIGSTY 1.0.2 el9.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.8KiB	PIGSTY 1.0.2 el9.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el9.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB
el10.x86_64	PIGSTY 1.0.2 el10.x86_64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.1KiB	PIGSTY 1.0.2 el10.x86_64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.3KiB	PIGSTY 1.0.2 el10.x86_64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.2KiB	PIGSTY 1.0.2 el10.x86_64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 339.2KiB	PIGSTY 1.0.2 el10.x86_64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el10.x86_64.rpm PIGSTY · 1.0.2 · 338.8KiB
el10.aarch64	PIGSTY 1.0.2 el10.aarch64.pg18 : pg_strict_18 pg_strict_18-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.6KiB	PIGSTY 1.0.2 el10.aarch64.pg17 : pg_strict_17 pg_strict_17-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.3KiB	PIGSTY 1.0.2 el10.aarch64.pg16 : pg_strict_16 pg_strict_16-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB	PIGSTY 1.0.2 el10.aarch64.pg15 : pg_strict_15 pg_strict_15-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.4KiB	PIGSTY 1.0.2 el10.aarch64.pg14 : pg_strict_14 pg_strict_14-1.0.2-1PIGSTY.el10.aarch64.rpm PIGSTY · 1.0.2 · 232.7KiB
d12.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d12.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d13.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
d13.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u22.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u22.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u24.x86_64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS
u24.aarch64	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS	PIGSTY MISS

Build

You can build the RPM / DEB packages for pg_strict using pig build:

pig build pkg pg_strict         # build RPM / DEB packages

Install

You can install pg_strict directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

pig install pg_strict;          # Install for current active PG version

pig ext install -y pg_strict -v 18  # PG 18
pig ext install -y pg_strict -v 17  # PG 17
pig ext install -y pg_strict -v 16  # PG 16
pig ext install -y pg_strict -v 15  # PG 15
pig ext install -y pg_strict -v 14  # PG 14

dnf install -y pg_strict_18       # PG 18
dnf install -y pg_strict_17       # PG 17
dnf install -y pg_strict_16       # PG 16
dnf install -y pg_strict_15       # PG 15
dnf install -y pg_strict_14       # PG 14

apt install -y pg_strict_18   # PG 18
apt install -y pg_strict_17   # PG 17
apt install -y pg_strict_16   # PG 16
apt install -y pg_strict_15   # PG 15
apt install -y pg_strict_14   # PG 14

Preload:

shared_preload_libraries = 'pg_strict';

Create Extension:

CREATE EXTENSION pg_strict;

Usage

pg_strict: Prevent dangerous UPDATE and DELETE without WHERE clause

The pg_strict extension blocks UPDATE and DELETE statements that lack a WHERE clause. It operates at the parse/analyze stage via post_parse_analyze_hook, providing three enforcement modes per statement type.

Configuration Parameters

Parameter	Modes	Description
`pg_strict.require_where_on_update`	`on`/`warn`/`off`	Enforce WHERE on UPDATE
`pg_strict.require_where_on_delete`	`on`/`warn`/`off`	Enforce WHERE on DELETE

on: Reject statements without WHERE (raises error)
warn: Allow but emit a warning log
off: Standard PostgreSQL behavior

Session-Level Configuration

SET pg_strict.require_where_on_update = 'on';
SET pg_strict.require_where_on_delete = 'warn';

Persistent Configuration

ALTER DATABASE postgres SET pg_strict.require_where_on_update = 'on';
ALTER ROLE app_service SET pg_strict.require_where_on_delete = 'on';
ALTER ROLE dba_admin SET pg_strict.require_where_on_update = 'off';

Transactional Override

BEGIN;
SET LOCAL pg_strict.require_where_on_delete = 'off';
DELETE FROM temp_table;  -- allowed within this transaction
COMMIT;

API Functions

SELECT pg_strict_version();           -- extension version
SELECT pg_strict_config();            -- all settings with values and descriptions

-- Validate queries programmatically
SELECT pg_strict_check_where_clause('DELETE FROM t', 'DELETE');  -- returns boolean
SELECT pg_strict_validate_update('UPDATE t SET x=1');
SELECT pg_strict_validate_delete('DELETE FROM t');

-- Quick mode toggles
SELECT pg_strict_enable_update();     -- set update enforcement to 'on'
SELECT pg_strict_warn_delete();       -- set delete enforcement to 'warn'
SELECT pg_strict_disable_update();    -- set update enforcement to 'off'

Any non-null WHERE condition is accepted (including WHERE false). CTE statements are supported.

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-03-12: add pg extension catalog (95749bf)