| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Noah Yetter <nyetter(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT USAGE on FOREIGN SERVER exposes passwords |
| Date: | 2015-02-05 16:23:46 |
| Message-ID: | 20150205162346.GY3854@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Thu, Feb 5, 2015 at 10:48 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> If she's got dblink access, she can run arbitrary
> >> SQL queries on the remote server anyway, which is all the password
> >> would let her do. Also, she could use dblink to run ALTER ROLE foo
> >> PASSWORD '...' on the remote server, and then she'll *definitely* know
> >> the password.
> >
> > And I thought this was about FDW options and not about dblink, really..
>
> The OP is pretty clearly asking about dblink.
I was just pointing out that it was an issue that all FDWs suffer from,
since we don't have any way for an FDW to say "don't show this option",
as discussed.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-02-05 16:48:55 | Re: GRANT USAGE on FOREIGN SERVER exposes passwords |
| Previous Message | Robert Haas | 2015-02-05 16:20:48 | Re: GRANT USAGE on FOREIGN SERVER exposes passwords |