Re: Error from the foreign RDBMS on a foreign table I have no privilege on

From: Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>
To: laurenz(dot)albe(at)cybertec(dot)at
Cc: euler(at)eulerto(dot)com, philflorent(at)hotmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Error from the foreign RDBMS on a foreign table I have no privilege on
Date: 2022-06-08 04:06:25
Message-ID: 20220608.130625.665509518109995128.horikyota.ntt@gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

At Wed, 08 Jun 2022 12:09:27 +0900 (JST), Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote in
> At Wed, 08 Jun 2022 04:38:02 +0200, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote in
> > If anything, it should be done in the FDW, because it is only necessary if the
> > FDW calls the remote site during planning.
> >
> > The question is: is this a bug in postgres_fdw that should be fixed?
>
> It's depends on what we think about allowing remote access trials
> through unprivileged foreign table in any style. It won't be a
> problem if the system is configured appropriately but too-frequent
> estimate accesses via unprivileged foreign tables might be regarded as
> an attack attempt.

In other words, I don't think it's not a bug and no need to fix. If
one want to prevent such estimate accesses via unprivileged foreign
tables, it is enough to prevent non-privileged users from having a
user mapping. This might be worth documenting?

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kyotaro Horiguchi 2022-06-08 04:08:16 Re: Error from the foreign RDBMS on a foreign table I have no privilege on
Previous Message Justin Pryzby 2022-06-08 03:25:21 Re: bogus: logical replication rows/cols combinations