| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Tommy Gildseth <tommy(dot)gildseth(at)usit(dot)uio(dot)no>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [patch] fix dblink security hole |
| Date: | 2008-09-23 03:28:46 |
| Message-ID: | 16704.1222140526@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Joe Conway <mail(at)joeconway(dot)com> writes:
> Tommy Gildseth wrote:
>> I'm not quite sure I fully understand the consequence of this change.
>> Does it basically mean that it's not possible to use .pgpass with dblink
>> for authentication?
> It only applies to 8.4 (which is not yet released) and beyond.
> dblink will still work as before for superusers.
The visible, documented behavior actually is not any different from what
it's been in recent PG releases. This change only plugs a possible
security issue that we weren't aware of before, ie, that dblink might
send a password to a server before failing the connect attempt. It will
fail the connect attempt either way, though, so no functionality
changes.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonah H. Harris | 2008-09-23 03:30:58 | Re: hash index improving v3 |
| Previous Message | Alex Hunsaker | 2008-09-23 03:25:03 | Re: hash index improving v3 |