Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: [patch] fix dblink security hole
Date
Msg-id 20080912171436.GH8854@alvh.no-ip.org
In response to [patch] fix dblink security hole  ("Marko Kreen" <markokr@gmail.com>)
Responses Re: [patch] fix dblink security hole  (David Fetter <david@fetter.org>)
Re: [patch] fix dblink security hole  ("Marko Kreen" <markokr@gmail.com>)
List pgsql-hackers
Marko Kreen wrote:
> Currently dblink allows regular users to initiate a libpq connection
> to a user-provided connection string.  This breaks the default
> policy that normal users should not be allowed to freely interact
> with the outside environment.

Since people are now working on implementing the SQL/MED stuff to manage
connections, should we bounce this patch?  With luck, the CREATE
CONNECTION (?) stuff will be done for the next commitfest and we can
just switch dblink to use that instead.

http://archives.postgresql.org/message-id/e51f66da0809050539x1b25ebb9t7fd664fd67b9f607@mail.gmail.com

Thoughts?  Can we really expect SQL/MED connection mgmt to be done for
the next fest?

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

