Home > mailing lists

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [patch] fix dblink security hole
Date	September 22, 2008 11:51:55
Msg-id	11293.1222084303@sss.pgh.pa.us Whole thread Raw
In response to	Re: [patch] fix dblink security hole (Joe Conway <mail@joeconway.com>)
Responses	Re: [patch] fix dblink security hole
List	pgsql-hackers

Tree view

Joe Conway <mail@joeconway.com> writes:
> Tom Lane wrote:
>> What do you think about getting rid of the password_from_string state
>> variable?  It was always a bit of a kluge, and we don't seem to need
>> it anymore with this approach.

> It is still used in PQconnectionUsedPassword(). That is still needed to 
> prevent a non-superuser from logging in as the superuser if the server 
> does not require authentication.

No, the test to see if the server actually *asked* for the password is
the important part at that end.
        regards, tom lane

pgsql-hackers by date:

From: "Oleg Serov"
Date: 22 September 2008, 11:47:26
Subject: HOWTO: FK: BIGINT[] -> BIGINT(Theoreticaly AnyElem[] -> AnyElem)

From: Tom Lane
Date: 22 September 2008, 11:53:58
Subject: Re: Toasted table not deleted when no out of line columns left

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

Previous

Next