Re: Bugtraq: Having Fun With PostgreSQL - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Bugtraq: Having Fun With PostgreSQL
Date
Msg-id 46819078.70005@dunslane.net
In response to Re: Bugtraq: Having Fun With PostgreSQL  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

Tom Lane wrote:
> Gregory Stark <stark@enterprisedb.com> writes:
>> All that really has to happen is that dblink should by default not be
>> callable by any user other than Postgres.
>
> Yeah, that is not an unreasonable change.  Someone suggested it far
> upthread, but we seem to have gotten distracted :-(
>
>> The only problem with this is that dblink provides 36 different functions
>
> I think just having the install script revoke public execute access
> on the connection-establishing functions would be sufficient.  There
> are only two of 'em.

+1 on this.

cheers

andrew
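
The change proposed in the message above, sketched as SQL a DBA could run on an existing installation. This is an added example, not part of the original message or of the dblink install script. It assumes the two connection-establishing functions are the `dblink_connect(text)` and `dblink_connect(text, text)` overloads, and `dblink_users` is a hypothetical role name.

```sql
-- Assumption: the "two of 'em" are the dblink_connect overloads
-- installed by contrib/dblink in the current schema search path.
BEGIN;

-- Functions are executable by PUBLIC by default, so remove that grant.
REVOKE EXECUTE ON FUNCTION dblink_connect(text)       FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION dblink_connect(text, text) FROM PUBLIC;

-- Optional: re-grant to a dedicated role (hypothetical name) so only
-- explicitly trusted users can open outbound connections.
-- GRANT EXECUTE ON FUNCTION dblink_connect(text)       TO dblink_users;
-- GRANT EXECUTE ON FUNCTION dblink_connect(text, text) TO dblink_users;

COMMIT;

-- Audit: list every dblink function that PUBLIC can still execute.
-- A NULL proacl means the default ACL applies, which includes
-- EXECUTE for PUBLIC; grantee = 0 in aclexplode() denotes PUBLIC.
-- (aclexplode() requires PostgreSQL 9.0 or later.)
SELECT p.oid::regprocedure AS function_signature
FROM pg_proc AS p
WHERE p.proname LIKE 'dblink%'
  AND (
        p.proacl IS NULL
        OR EXISTS (
             SELECT 1
             FROM aclexplode(p.proacl) AS a
             WHERE a.grantee = 0
               AND a.privilege_type = 'EXECUTE'
           )
      )
ORDER BY 1;
```

After the `REVOKE` statements, the audit query should no longer return the two `dblink_connect` signatures; the remaining dblink functions operate on connections that have already been established.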

