| From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Yetter <nyetter(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT USAGE on FOREIGN SERVER exposes passwords |
| Date: | 2015-02-11 06:24:21 |
| Message-ID: | 54DAF595.1080100@BlueTreble.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/5/15 10:48 AM, Tom Lane wrote:
> Stephen Frost<sfrost(at)snowman(dot)net> writes:
>> >* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>> >>On Thu, Feb 5, 2015 at 10:48 AM, Stephen Frost<sfrost(at)snowman(dot)net> wrote:
>>>> >>>And I thought this was about FDW options and not about dblink, really..
>>> >>The OP is pretty clearly asking about dblink.
>> >I was just pointing out that it was an issue that all FDWs suffer from,
>> >since we don't have any way for an FDW to say "don't show this option",
>> >as discussed.
> The dblink example is entirely uncompelling, given that as you said
> somebody with access to a dblink connection could execute ALTER USER on
> the far end.
Actually, you can eliminate that by not granting direct access to dblink
functions. Instead you create a SECURITY DEFINER function that sanity
checks the SQL you're trying to run and rejects things like ALTER USER.
While you're doing that, you can also lock away the connection
information. A former coworker actually built a system that does this,
at least to a limited degree.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Вадим Грибанов | 2015-02-11 08:07:38 | Re: [HACKERS] GSoC 2015 - mentors, students and admins. |
| Previous Message | Jim Nasby | 2015-02-11 06:15:53 | Re: reducing our reliance on MD5 |