From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Kreißl, Karsten" <KREISSL(at)his(dot)de> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: User Privileges using dblink |
Date: | 2004-06-22 14:05:28 |
Message-ID: | 17271.1087913128@sss.pgh.pa.us |
Lists: | pgsql-general |
"Kreißl, Karsten" <KREISSL(at)his(dot)de> writes:
> The second problem with dblink is a security hole.
> create view myinst as select * from dblink('dbname=sva4_int1','select .... from inst') as (.......);
This is not a security hole in dblink, it is a security hole in your
pg_hba.conf setup. Don't use trust authentication.
> This problem could also be resolved, if dblink uses the current login
> information.
That seems completely impractical. In the first place, it's not a
reasonable default (there's no good reason to assume that the remote
DB has the same users as the local), and in the second place dblink
cannot get at the user's password. (We *would* have a security hole
if it could.)
regards, tom lane
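
The reply above places the problem in `pg_hba.conf` rules that use `trust`. As an added example (not part of the original message or of PostgreSQL itself), this sketch scans `pg_hba.conf` text and reports every rule whose auth method is `trust`; the sample rules and the function names are constructed for illustration, and only the database name `sva4_int1` comes from the thread.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf content (illustrative, not from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE   USER  ADDRESS        METHOD
local   all        all                  trust
host    sva4_int1  all   127.0.0.1/32   trust
host    all        all   192.168.0.0  255.255.255.0  md5
hostssl all        all   0.0.0.0/0      scram-sha-256
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_bare_ip(field):
    """True for an address with no /prefix, meaning a netmask column follows."""
    try:
        ipaddress.ip_address(field)
        return True
    except ValueError:
        return False

def find_trust_rules(hba_text):
    """Return (line_no, conn_type, database, user) for every rule using 'trust'."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        # shlex handles "quoted names" and strips # comments
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            method_idx = 3
        elif conn_type in HOST_TYPES:
            # host rules are "addr/prefix method" or "addr netmask method"
            method_idx = 5 if len(fields) > 3 and _is_bare_ip(fields[3]) else 4
        else:
            continue  # include directives or unrecognised record types
        if len(fields) > method_idx and fields[method_idx] == "trust":
            findings.append((line_no, conn_type, fields[1], fields[2]))
    return findings

if __name__ == "__main__":
    for line_no, conn_type, db, user in find_trust_rules(SAMPLE_HBA):
        print(f"line {line_no}: {conn_type} db={db} user={user} uses trust")
```

Each reported rule lets any matching client connect as the listed user without a password, which is what allows a `dblink` connection string with no credentials to succeed.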