Re: dblink connection security - Mailing list pgsql-patches

From Tom Lane
Subject Re: dblink connection security
Date
Msg-id 15632.1183313338@sss.pgh.pa.us
Whole thread Raw
In response to Re: dblink connection security  (Robert Treat <xzilla@users.sourceforge.net>)
Responses Re: dblink connection security
Re: dblink connection security
List pgsql-patches
Robert Treat <xzilla@users.sourceforge.net> writes:
> Did you mean s/trust/ident/g, otherwise I don't think I understand the
> above...

Both trust and ident local auth are sources of risk for this, although
ident is particularly nasty since the DBA probably thinks he's being
secure.

For that matter, I'm not sure that *any* auth method except password
offers much security against the problem; don't LDAP and Kerberos
likewise rely mostly on process-level identity?  And possibly PAM
depending on which PAM plugin you're using?

I'm not sure whether this is something to back-patch, though, since
a back-patch will accomplish zero for existing installations.

            regards, tom lane

pgsql-patches by date:

Previous
From: Robert Treat
Date:
Subject: Re: dblink connection security
Next
From: Magnus Hagander
Date:
Subject: Re: dblink connection security