| From: | Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: dblink vs SQL/MED - security and implementation details |
| Date: | 2009-01-06 19:04:11 |
| Message-ID: | 4963AB2B.9060607@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> On Tuesday 06 January 2009 05:54:14 Joe Conway wrote:
>> contrib_regression=> SELECT dblink_connect('myconn', 'fdtest');
>> dblink_connect
>> ----------------
>> OK
>> (1 row)
>
> I think you want some permission checking on fdtest then, right?
>
The proposed "connection lookup" functions have USAGE check on the
server.
About the connstr validation -- it would be best done in the connection
lookup function. IMO it would make sense to validate the connstring if the
foreign server is not OWNED by a superuser. This would enable less trusted
to create and own servers but would force them to provide a username and
password (validate in CreateUserMapping and GetForeignConnectionOptions).
And superuser could still set up a connection that makes use of .pgpass,
pgservice etc. Comments?
regards,
Martin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2009-01-06 19:05:47 | Re: Is it really such a great idea for spi.h to include the world? |
| Previous Message | Bruce Momjian | 2009-01-06 19:02:16 | Re: PostgreSQL 8.3.4 reproducible crash |