Re: [patch] plproxy v2 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [patch] plproxy v2
Msg-id 28667.1216740357@sss.pgh.pa.us
In response to Re: [patch] plproxy v2  ("Marko Kreen" <markokr@gmail.com>)
Responses Re: [patch] plproxy v2  (Hannu Krosing <hannu@krosing.net>)
List pgsql-hackers
"Marko Kreen" <markokr@gmail.com> writes:
> And user can execute only pre-determined queries/functions on system2.

If that were actually the case then the security issue wouldn't loom
quite so large, but the dynamic_query example in the plproxy regression
tests provides a perfect example of how to ruin your security.

> Do you still see a big hole?

Truck-sized, at least.

The complaint here is not that it's impossible to use plproxy securely;
the complaint is that it's so very easy to use it insecurely.
        regards, tom lane