Home > mailing lists

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [patch] fix dblink security hole
Date	September 22, 2008 02:41:59
Msg-id	23954.1222051306@sss.pgh.pa.us Whole thread Raw
In response to	Re: [patch] fix dblink security hole (Joe Conway <mail@joeconway.com>)
List	pgsql-hackers

Tree view

Joe Conway <mail@joeconway.com> writes:
> New patch attached.

This is close, but you're failing to guard against a few out-of-memory
corner cases (and now that I look, PQconndefaults() is too).  The libpq
documentation needs more work than this, too.

I'll make a cleanup pass and commit.

BTW, I'm quite tempted to get rid of pgpass_from_client and simplify the
specification of PQconnectionUsedPassword to be "did the server request
a password?".  Thoughts?
        regards, tom lane

pgsql-hackers by date:

From: Stephen Frost
Date: 22 September 2008, 02:41:34
Subject: Re: Proposal: move column defaults into pg_attribute along with attacl

From: Tom Lane
Date: 22 September 2008, 03:25:22
Subject: Re: [patch] fix dblink security hole

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

Previous

Next