Re: Bugtraq: Having Fun With PostgreSQL

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Florian Pflug <fgp(dot)phlo(dot)org(at)gmail(dot)com>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Hammond <andrew(dot)george(dot)hammond(at)gmail(dot)com>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Bugtraq: Having Fun With PostgreSQL
Date: 2007-06-27 02:20:42
Message-ID: 20070627022042.GK7531@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Florian Pflug (fgp(dot)phlo(dot)org(at)gmail(dot)com) wrote:
> Gregory Stark wrote:
> >All that really has to happen is that dblink should by default not be
> >callable
> >by any user other than Postgres. DBAs should be required to manually run
> >"GRANT EXECUTE ON dblink_connect(text) TO public;" if that's what he wants.
>
> That serves the purpose of making PG "secure by default" (whatever that
> means
> exactly) well, and surely is a good short-term solution.
> But it severely limits the usefulness of dblink on setup where PG uses
> ident auth either via TCP or unix-sockets - there seems to be no way to
> securely users use dblink in such a setup.

Uh, have the admin create appropriate views.

> Therefore I think there should be a ToDO
> "Explore how dblink can be made safe if used together with ident
> authentication"
> or something similar.

I disagree. What dblink *does* is insecure and in general *shouldn't*
be something regular users can do. That goes well and beyond just the
ident case, imv, but it's handy thing to point to atm.

> The ideal solution would IMHO be to authenticate a user using dblink as
> the user he used to connect to PG in the first place - but since ident is
> handled outside of PG that might be impossible to archive without some
> really bad hacks. So maybe just finding a way to disable ident auth for
> connections made via dblink is sufficient.

erm, this isn't dblink anymore, this is cross-database stuff that should
be done completely differently from dblink, if it's going to be done at
all.

Thanks,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeremy Drake 2007-06-27 02:21:43 Re: Bugtraq: Having Fun With PostgreSQL
Previous Message Florian Pflug 2007-06-27 02:07:56 Re: Bugtraq: Having Fun With PostgreSQL