Home > mailing lists

Re: dblink vs SQL/MED - security and implementation details - Mailing list pgsql-hackers

From	Martin Pihlak
Subject	Re: dblink vs SQL/MED - security and implementation details
Date	January 6, 2009 17:48:19
Msg-id	4963A761.8070002@gmail.com Whole thread Raw
In response to	Re: dblink vs SQL/MED - security and implementation details (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: dblink vs SQL/MED - security and implementation details (Tom Lane <tgl@sss.pgh.pa.us>) Re: dblink vs SQL/MED - security and implementation details (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
>> I think you want some permission checking on fdtest then, right?
> 
> What about the permissions on the system catalogs themselves?
> AFAICT, the pg_user_mappings view will expose user passwords to
> the "owner" of the foreign server, which doesn't seem good.
> 

Usually it would have been the server owner who created those user
mappings in the first place -- so the passwords are already known
to him/her. Of course it is possible to create the mappings first
and later change the ownership of the server, thus exposing the
passwords to a new role. But IMHO, it would be reasonable to assume
that the owner of the server has full control over its user mappings.

regards,
Martin

pgsql-hackers by date:

From: Tom Lane
Date: 06 January 2009, 17:46:36
Subject: Re: SPI nesting in plperl

From: Bruce Momjian
Date: 06 January 2009, 17:56:26
Subject: Re: Is it really such a great idea for spi.h to include the world?

Re: dblink vs SQL/MED - security and implementation details - Mailing list pgsql-hackers

Previous

Next