PostgreSQL 8.3.23 Documentation | ||||
---|---|---|---|---|
Prev | Fast Backward | Fast Forward | Next |
dblink_connect_u(text connstr) returns text dblink_connect_u(text connname, text connstr) returns text
dblink_connect_u()
is identical
to dblink_connect()
, except that it
will allow non-superusers to connect using any authentication
method.
If the remote server selects an authentication method that
does not involve a password, then impersonation and subsequent
escalation of privileges can occur, because the session will
appear to have originated from the user as which the local
PostgreSQL server runs.
Therefore, dblink_connect_u()
is
initially installed with all privileges revoked from PUBLIC, making it un-callable except by
superusers. In some situations it may be appropriate to grant
EXECUTE permission for dblink_connect_u()
to specific users who are
considered trustworthy, but this should be done with care.
For further details see dblink_connect()
.