Thomas Kellerer <shammat@gmx.net> writes:
> Tom Lane schrieb am 17.12.2021 um 17:27:
>> No, that won't help. Like postgres_fdw, dblink will only let you use
>> non-password auth methods if you're superuser [1][2]. The problem is
>> that making use of any credentials stored in the server's filesystem
>> amounts to impersonating the OS user that's running the server. It'd
>> be nice to find a less confining solution, but I'm not sure what one
>> would look like.
> What about using a .pgpass file?
Still amounts to impersonating the server (and yeah, we do prevent
that if you're not superuser).
It might make sense to have a superuser-owned SECURITY DEFINER
function that's responsible for creating the desired connection,
and could make use of the server's .pgpass credentials. As long
as you restrict what that function is willing to do, and restrict
who can execute it, this'd probably be adequately secure.
regards, tom lane
