| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-01 21:12:09 |
| Message-ID: | 468818A9.4020700@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Robert Treat wrote:
>>> Joe Conway <mail(at)joeconway(dot)com> writes:
>> Well certainly dbi-link has the exact same issue.
>
> dbi-link only works in plperlu, so you've already decided your superuser only.
How so -- it is fundamentally no different than dblink, which is C
language (also untrusted).
I think the issue is that once the superuser creates said functions,
usage of the functions is automatically granted to PUBLIC, no? Being an
untrusted language just means that it takes a superuser to create the
functions using that language, not to use the functions themselves.
Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gregory Stark | 2007-07-01 21:54:00 | Re: dblink connection security |
| Previous Message | Tom Lane | 2007-07-01 20:59:43 | Re: dblink connection security |