Home > mailing lists

Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Date	January 10, 2020 01:00:59
Msg-id	2AFF8201-A7BD-491B-A118-2E2C290BD981@yesql.se Whole thread Raw
In response to	Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
List	pgsql-hackers

Tree view

> On 9 Jan 2020, at 22:38, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote:

> I'm not (yet)
> convinced that there is any significant security threat here. This
> doesn't give the user or indeed any postgres code any access to the
> contents of these files. But if there is a consensus to restrict this
> I'll do it.

I've seen successful exploits made from parts that I in my wildest imagination
couldn't think be useful, so FWIW +1 for adding belts to suspenders and
restricting this.

cheers ./daniel

pgsql-hackers by date:

From: Tom Lane
Date: 10 January 2020, 00:51:30
Subject: Re: pgsql: Add basic TAP tests for psql's tab-completion logic.

From: Tom Lane
Date: 10 January 2020, 01:02:18
Subject: Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings

Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings - Mailing list pgsql-hackers

Previous

Next