| From: | Florian Pflug <fgp(dot)phlo(dot)org(at)gmail(dot)com> | 
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> | 
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Hammond <andrew(dot)george(dot)hammond(at)gmail(dot)com>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org | 
| Subject: | Re: Bugtraq: Having Fun With PostgreSQL | 
| Date: | 2007-06-27 02:07:56 | 
| Message-ID: | 4681C67C.4070803@gmail.com | 
| Lists: | pgsql-hackers | 

Gregory Stark wrote:
> All that really has to happen is that dblink should by default not be callable
> by any user other than Postgres. DBAs should be required to manually run
> "GRANT EXECUTE ON dblink_connect(text) TO public;" if that's what he wants.

That serves the purpose of making PG "secure by default" (whatever that means
exactly) well, and surely is a good short-term solution.

But it severely limits the usefulness of dblink on setups where PG uses
ident auth either via TCP or unix-sockets - there seems to be no way to
securely let users use dblink in such a setup.

Therefore I think there should be a TODO
"Explore how dblink can be made safe if used together with ident authentication"
or something similar.

The ideal solution would IMHO be to authenticate a user using dblink as
the user he used to connect to PG in the first place - but since ident is
handled outside of PG that might be impossible to achieve without some
really bad hacks. So maybe just finding a way to disable ident auth for
connections made via dblink is sufficient.

greetings, Florian Pflug
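
The lockdown proposed in the quoted text above, written out as an added example (not part of the original message and not dblink's own install script). It assumes the dblink contrib functions are installed in the current database, and `dblink_users` is a hypothetical role name.

```sql
-- Added example; dblink_users is a hypothetical role name.
BEGIN;

-- Remove the default PUBLIC execute right on both connect signatures.
REVOKE EXECUTE ON FUNCTION dblink_connect(text) FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION dblink_connect(text, text) FROM PUBLIC;

-- Re-grant only to roles the DBA has explicitly approved.
CREATE ROLE dblink_users NOLOGIN;
GRANT EXECUTE ON FUNCTION dblink_connect(text) TO dblink_users;
GRANT EXECUTE ON FUNCTION dblink_connect(text, text) TO dblink_users;

COMMIT;

-- Audit: list every dblink function PUBLIC can still execute.
-- dblink(text, text) and dblink_exec(text, text) also accept a
-- connection string as their first argument, so restricting
-- dblink_connect alone does not stop new outbound connections.
SELECT p.oid::regprocedure AS function_signature
FROM pg_proc AS p
WHERE p.proname LIKE 'dblink%'
  AND has_function_privilege('public', p.oid, 'EXECUTE')
ORDER BY 1;
```

Any row returned by the audit query is a function that every role can still call; revoke it the same way if it should be restricted.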