Home > mailing lists

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From	Joe Conway
Subject	Re: [patch] fix dblink security hole
Date	September 21, 2008 01:55:24
Msg-id	48D5A988.5000409@joeconway.com Whole thread Raw
In response to	Re: [patch] fix dblink security hole (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: [patch] fix dblink security hole (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> I think there is an alternative solution, if we are only going to patch
> this in 8.4 and up: provide a new libpq conninfo-string option saying
> not to use .pgpass, and have dblink add that to the passed-in conninfo
> string instead of trying to check after the fact.  Then we aren't
> changing dblink's API at all, only replacing a leaky security check
> with a better one.

Good point -- I'll look into that and post something tomorrow. How does 
"requirepassword" sound for the option? It is consistent with 
"requiressl" but a bit long and hard to read. Maybe "require_password"?

Joe

pgsql-hackers by date:

From: Tom Lane
Date: 21 September 2008, 01:28:22
Subject: Re: Predictable order of SQL commands in pg_dump

From: "Merlin Moncure"
Date: 21 September 2008, 02:04:20
Subject: Re: Foreign key constraint for array-field?

Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

Previous

Next