Re: [patch] fix dblink security hole - Mailing list pgsql-hackers

From Joe Conway
Subject Re: [patch] fix dblink security hole
Date
Msg-id 48D81F45.9020709@joeconway.com
In response to Re: [patch] fix dblink security hole  (Tommy Gildseth <tommy.gildseth@usit.uio.no>)
Responses Re: [patch] fix dblink security hole  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tommy Gildseth wrote:
> Tom Lane wrote:
>> Okay.  I just committed the patch without that change, but I'll go back
>> and add it.
> 
> I'm not quite sure I fully understand the consequence of this change. 
> Does it basically mean that it's not possible to use .pgpass with dblink 
> for authentication?

It only applies to 8.4 (which is not yet released) and beyond.

dblink will still work as before for superusers.

> The alternative then would be to hardcode the password in your stored 
> procedures, or store it in a separate table somehow?

Trusted non-superusers can be granted permission to use dblink_connect_u().

Joe
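
The grant mentioned in the reply above, with an audit query, as an added example that is not part of the original message or the dblink sources. The role name `report_loader` is hypothetical; the two `dblink_connect_u()` signatures are the ones dblink ships.

```sql
-- Hypothetical role; substitute a role you actually trust.
CREATE ROLE report_loader LOGIN;

-- dblink_connect_u() has two overloads (unnamed and named connection).
-- Each one carries its own ACL, so grant them separately.
GRANT EXECUTE ON FUNCTION dblink_connect_u(text)       TO report_loader;
GRANT EXECUTE ON FUNCTION dblink_connect_u(text, text) TO report_loader;

-- Audit: list every role that can currently execute either overload.
-- Superusers always appear, since they bypass privilege checks.
SELECT r.rolname,
       p.oid::regprocedure AS function
FROM pg_proc p
CROSS JOIN pg_roles r
WHERE p.proname = 'dblink_connect_u'
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY r.rolname, 2;

-- Withdraw the privilege when the role no longer needs it.
REVOKE EXECUTE ON FUNCTION dblink_connect_u(text)       FROM report_loader;
REVOKE EXECUTE ON FUNCTION dblink_connect_u(text, text) FROM report_loader;
```

Any non-superuser row in the audit output that you did not grant deliberately is worth investigating, including a row caused by a grant to PUBLIC.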

