Re: Bugtraq: Having Fun With PostgreSQL - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Bugtraq: Having Fun With PostgreSQL
Date
Msg-id 28568.1182891373@sss.pgh.pa.us
In response to Re: Bugtraq: Having Fun With PostgreSQL  (Gregory Stark <stark@enterprisedb.com>)
Responses Re: Bugtraq: Having Fun With PostgreSQL  (Stephen Frost <sfrost@snowman.net>)
Re: Bugtraq: Having Fun With PostgreSQL  (Gregory Stark <stark@enterprisedb.com>)
Re: Bugtraq: Having Fun With PostgreSQL  (Andrew Dunstan <andrew@dunslane.net>)
Re: Bugtraq: Having Fun With PostgreSQL  (Jeremy Drake <pgsql@jdrake.com>)
List pgsql-hackers
Gregory Stark <stark@enterprisedb.com> writes:
> All that really has to happen is that dblink should by default not be
> callable by any user other than Postgres.

Yeah, that is not an unreasonable change.  Someone suggested it far
upthread, but we seem to have gotten distracted :-(

> The only problem with this is that dblink provides 36 different functions

I think just having the install script revoke public execute access
on the connection-establishing functions would be sufficient.  There
are only two of 'em.
        regards, tom lane
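
The change proposed in this message, sketched as an added example that is not part of the original post or of the dblink install script. It assumes a current PostgreSQL release with dblink installed, and that the two connection-establishing functions are the `dblink_connect` overloads shown (the message does not name them); the role `dblink_users` is hypothetical.

```sql
-- Added example: lock down dblink's connection-establishing functions.
-- Assumption: the "two of 'em" are dblink_connect(text) and
-- dblink_connect(text, text); adjust if your dblink version differs.
BEGIN;

-- Functions are executable by PUBLIC by default, so the privilege has to be
-- revoked explicitly after the functions are created.
REVOKE EXECUTE ON FUNCTION dblink_connect(text)       FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION dblink_connect(text, text) FROM PUBLIC;

-- Optional: hand the privilege back only to a dedicated group role
-- (hypothetical name) instead of to every database user.
-- CREATE ROLE dblink_users NOLOGIN;
-- GRANT EXECUTE ON FUNCTION dblink_connect(text)       TO dblink_users;
-- GRANT EXECUTE ON FUNCTION dblink_connect(text, text) TO dblink_users;

-- Audit: every function whose name starts with dblink_connect, and whether
-- the PUBLIC pseudo-role can still execute it. After the REVOKEs above the
-- two overloads should report false.
SELECT p.oid::regprocedure                                AS function,
       has_function_privilege('public', p.oid, 'EXECUTE') AS public_can_execute
FROM   pg_proc p
WHERE  p.proname LIKE 'dblink_connect%'
ORDER  BY p.proname, p.oid;

COMMIT;
```

The remaining dblink functions operate on an already-open connection, which is why revoking only the connection-establishing ones is enough to stop unprivileged users from opening links.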

