Re: GRANT USAGE on FOREIGN SERVER exposes passwords - Mailing list pgsql-hackers

From David G Johnston
Subject Re: GRANT USAGE on FOREIGN SERVER exposes passwords
Date
Msg-id 1423156283320-5836826.post@n5.nabble.com
In response to Re: GRANT USAGE on FOREIGN SERVER exposes passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane-2 wrote
> Stephen Frost <sfrost@> writes:
>> * Robert Haas (robertmhaas@) wrote:
>>> On Thu, Feb 5, 2015 at 10:48 AM, Stephen Frost <sfrost@> wrote:
>>>> And I thought this was about FDW options and not about dblink, really..
> 
>>> The OP is pretty clearly asking about dblink.
> 
>> I was just pointing out that it was an issue that all FDWs suffer from,
>> since we don't have any way for an FDW to say "don't show this option",
>> as discussed.
> 
> The dblink example is entirely uncompelling, given that as you said
> somebody with access to a dblink connection could execute ALTER USER on
> the far end.  

So let's fix that loophole as well...


> So I would rather say that the baseline security expectation is that
> granting a user mapping should be presumed to be tantamount to granting
> direct access to the remote server with that login info.  In that context,
> being able to see the password should not be considered to be any big
> deal.

Is there any provision whereby "USAGE" would restrict the person so granted
from viewing any particulars even though they can call/name the item being
granted; and then require "SELECT" privileges to actually view any of the
associated settings?

Regardless, the OP described behavior of suppressing user options normally
but then showing them upon being granted USAGE on the server seems strange.

David J.



