| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-07 15:19:03 |
| Message-ID: | 1836.1183821543@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Joe Conway <mail(at)joeconway(dot)com> writes:
> What about using the attached for 8.3, as well as earlier?
> It simply does not allow the local database user to become someone else
> on the libpq remote connection unless they are a superuser.
This assumes that usernames on the remote site are equivalent to those
locally. Which is helpful for the sort of local-loop scenarios we've
been thinking about, but is hardly watertight even then (consider
multiple postmasters on one machine). For remote connections it seems
counterproductive; you might as well say "you must be superuser" and
keep it simple.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2007-07-07 16:24:50 | Re: dblink connection security |
| Previous Message | Magnus Hagander | 2007-07-07 14:24:37 | Re: script binaries renaming |