Home > mailing lists

Re: dblink vs SQL/MED - security and implementation details - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: dblink vs SQL/MED - security and implementation details
Date	January 6, 2009 16:51:32
Msg-id	8646.1231264251@sss.pgh.pa.us Whole thread Raw
In response to	Re: dblink vs SQL/MED - security and implementation details (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: dblink vs SQL/MED - security and implementation details (Peter Eisentraut <peter_e@gmx.net>) Re: dblink vs SQL/MED - security and implementation details (Martin Pihlak <martin.pihlak@gmail.com>)
List	pgsql-hackers

Tree view

Peter Eisentraut <peter_e@gmx.net> writes:
> I think you want some permission checking on fdtest then, right?

What about the permissions on the system catalogs themselves?
AFAICT, the pg_user_mappings view will expose user passwords to
the "owner" of the foreign server, which doesn't seem good.
        regards, tom lane

pgsql-hackers by date:

From: Peter Eisentraut
Date: 06 January 2009, 16:46:32
Subject: Re: dblink vs SQL/MED - security and implementation details

From: Bruce Momjian
Date: 06 January 2009, 16:57:43
Subject: Re: Warning about the 8.4 release

Re: dblink vs SQL/MED - security and implementation details - Mailing list pgsql-hackers

Previous

Next