| From: | Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: dblink vs SQL/MED - security and implementation details |
| Date: | 2009-01-05 14:30:09 |
| Message-ID: | 49621971.6010707@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Joe Conway wrote:
> I'm mainly concerned about re-opening security holes that we spent a lot
> of time debating and subsequently closing. I suspect if we assume that
> any FDW-derived connect string can bypass the checks we put in place, we
> will regret it later. But I'm open to arguments on both sides...
>
In order to create a foreign server, the user needs USAGE on the foreign
data wrapper. Creating user mappings requires the user to be the owner of
the server. Both need explicit grants or alters by the superuser. This is
a bit more relaxed than the current superuser check, but still only trusted
users can define arbitrary connections.
Also, allowing passwordless user mappings adds some flexibility for defining
connections - storing passwords in .pgpass, pgservice or not using a password
at all (pg_hba trust etc.).
regards,
Martin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-01-05 14:39:15 | Re: Status of issue 4593 |
| Previous Message | Aidan Van Dyk | 2009-01-05 13:59:46 | Re: Several tags around PostgreSQL 7.1 broken |