Quick Links

Re: [patch] fix dblink security hole

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Joe Conway <mail(at)joeconway(dot)com>
Cc:	Marko Kreen <markokr(at)gmail(dot)com>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [patch] fix dblink security hole
Date:	2008-09-22 11:51:43
Message-ID:	11293.1222084303@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Joe Conway <mail(at)joeconway(dot)com> writes:
> Tom Lane wrote:
>> What do you think about getting rid of the password_from_string state
>> variable? It was always a bit of a kluge, and we don't seem to need
>> it anymore with this approach.

> It is still used in PQconnectionUsedPassword(). That is still needed to
> prevent a non-superuser from logging in as the superuser if the server
> does not require authentication.

No, the test to see if the server actually *asked* for the password is
the important part at that end.

regards, tom lane

In response to

Re: [patch] fix dblink security hole at 2008-09-22 04:21:35 from Joe Conway

Responses

Re: [patch] fix dblink security hole at 2008-09-22 13:52:50 from Joe Conway

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2008-09-22 11:53:23	Re: Toasted table not deleted when no out of line columns left
Previous Message	Oleg Serov	2008-09-22 11:47:11	HOWTO: FK: BIGINT[] -> BIGINT(Theoreticaly AnyElem[] -> AnyElem)