Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From Tommy Gildseth
Subject Re: [patch] fix dblink security hole
Date
Msg-id 48D806EB.4090001@usit.uio.no
In response to Re: [patch] fix dblink security hole  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [patch] fix dblink security hole  (Joe Conway <mail@joeconway.com>)
List pgsql-hackers
Tom Lane wrote:
> Joe Conway <mail@joeconway.com> writes:
>> Tom Lane wrote:
>>> No, the test to see if the server actually *asked* for the password is
>>> the important part at that end.
> 
>> Oh, I see that now. So yes, as far as I can tell, password_from_string 
>> is not used for anything anymore and should be removed.
> 
> Okay.  I just committed the patch without that change, but I'll go back
> and add it.


I'm not quite sure I fully understand the consequence of this change. 
Does it basically mean that it's not possible to use .pgpass with dblink 
for authentication?
The alternative then would be to hardcode the password in your stored 
procedures, or store it in a separate table somehow?


-- 
Tommy Gildseth

