|
| 1 | +--- |
| 2 | +title: 'SQL Review Rule Explained - Prohibit CASCADE' |
| 3 | +author: Tianzhou |
| 4 | +updated_at: 2025/11/10 10:00 |
| 5 | +feature_image: /content/blog/sql-review-rule-explained-prohibit-cascade/banner.webp |
| 6 | +tags: Explanation |
| 7 | +description: Learn why CASCADE operations in SQL can lead to catastrophic data loss and how the "Prohibit CASCADE" review rule protects your production database. |
| 8 | +--- |
| 9 | + |
| 10 | +> A single misunderstood `CASCADE` command can wipe out production data in seconds. The keyword appears harmless but can trigger deletions across your entire database schema. |
| 11 | +
|
| 12 | +Bytebase [SQL Review](https://docs.bytebase.com/change-database/review) contains the following rules to prevent **CASCADING** failures: |
| 13 | + |
| 14 | +1. **Prohibit using CASCADE option for ON DELETE clauses**: The `CASCADE` option in `ON DELETE` can cause a large number of dependent objects to be deleted or modified, leading to unexpected results. |
| 15 | + |
| 16 | +1. **Prohibit using CASCADE when removing a table**: Using the `CASCADE` option when removing a table can cause a large number of dependent objects to be deleted or modified, leading to unexpected results. |
| 17 | + |
| 18 | +## What is CASCADE? |
| 19 | + |
| 20 | +CASCADE appears in two contexts in SQL: |
| 21 | + |
| 22 | +### CASCADE in Foreign Key Constraints |
| 23 | + |
| 24 | +```sql |
| 25 | +CREATE TABLE posts ( |
| 26 | + user_id INT, |
| 27 | + FOREIGN KEY (user_id) REFERENCES users(id) |
| 28 | + ON DELETE CASCADE -- Deleting a user deletes all their posts |
| 29 | +); |
| 30 | +``` |
| 31 | + |
| 32 | +### CASCADE in TRUNCATE Operations |
| 33 | + |
| 34 | +```sql |
| 35 | +TRUNCATE TABLE users CASCADE; -- Truncates users AND all tables referencing it |
| 36 | +``` |
| 37 | + |
| 38 | +_Note: `TRUNCATE ... CASCADE` is PostgreSQL-specific. This behavior (automatically truncating dependent tables via foreign keys) doesn't exist in MySQL, SQL Server, or other databases. Oracle has `TRUNCATE ... CASCADE` but for a different purpose (materialized views)._ |
| 39 | + |
| 40 | +This is especially dangerous—many developers misunderstand its behavior. |
| 41 | + |
| 42 | +### The Common Misunderstanding |
| 43 | + |
| 44 | +Imagine a team is migrating their database and wants to clean up test data from new tables. A developer runs: |
| 45 | + |
| 46 | +```sql |
| 47 | +TRUNCATE TABLE new_feature_table CASCADE; |
| 48 | +``` |
| 49 | + |
| 50 | +**Their intention:** Delete test data from the new tables. |
| 51 | + |
| 52 | +**Their assumption:** CASCADE only deletes related test data in other tables. |
| 53 | + |
| 54 | +**What actually happened:** `TRUNCATE ... CASCADE` deleted **ALL data** in every table with foreign keys pointing to `new_feature_table`—including years of production data. |
| 55 | + |
| 56 | +The key misunderstanding: `TRUNCATE TABLE A CASCADE` doesn't just delete related rows in table B. It truncates **entire tables** that have foreign keys pointing to table A. In complex schemas with interconnected tables, a single CASCADE command can wipe out your entire database. |
| 57 | + |
| 58 | +## How to Protect Your Database |
| 59 | + |
| 60 | +**1. Use explicit DELETE statements** |
| 61 | + |
| 62 | +```sql |
| 63 | +-- ❌ DANGEROUS: CASCADE affects unexpected tables |
| 64 | +TRUNCATE TABLE users CASCADE; |
| 65 | + |
| 66 | +-- ✅ SAFE: Full control over what's deleted |
| 67 | +DELETE FROM user_sessions WHERE user_id IN (SELECT id FROM users WHERE ...); |
| 68 | +DELETE FROM users WHERE ...; |
| 69 | +``` |
| 70 | + |
| 71 | +**2. Implement automated SQL review** |
| 72 | + |
| 73 | +Use Bytebase to automatically scan all SQL before execution and block dangerous `CASCADE` operations in production. |
| 74 | + |
| 75 | +**3. Remove dangerous privileges** |
| 76 | + |
| 77 | +```sql |
| 78 | +REVOKE TRUNCATE ON ALL TABLES IN SCHEMA public FROM app_user; |
| 79 | +``` |
| 80 | + |
| 81 | +**4. Test migrations thoroughly** |
| 82 | + |
| 83 | +Run the full migration in staging with production-like data, verify the scope of impact, and test rollback procedures. |
| 84 | + |
| 85 | +**5. Use safer foreign key options** |
| 86 | + |
| 87 | +Consider `ON DELETE RESTRICT` or `ON DELETE SET NULL` instead of `ON DELETE CASCADE`. |
| 88 | + |
| 89 | +## Summary |
| 90 | + |
| 91 | +The `CASCADE` keyword can trigger automatic data deletion across your entire database. The most critical point: `TRUNCATE TABLE A CASCADE` truncates **ALL tables** with foreign keys pointing to A—not just related rows. |
| 92 | + |
| 93 | +**Protect your database:** |
| 94 | + |
| 95 | +- Use explicit DELETE statements for full control over data deletion |
| 96 | +- Block CASCADE in production using Bytebase SQL review rules |
| 97 | +- Remove TRUNCATE privileges from application users |
| 98 | +- Always test schema changes in staging environments |
0 commit comments