This page in other versions: 9.0 / 9.1 / 9.2 / 9.3  |  Development versions: devel / 9.4  |  Unsupported versions: 8.3 / 8.4

dblink_connect_u

Name

dblink_connect_u -- opens a persistent connection to a remote database, insecurely

Synopsis

    dblink_connect_u(text connstr) returns text
    dblink_connect_u(text connname, text connstr) returns text
   

Description

dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care.

For further details see dblink_connect().

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group