Re: Bugtraq: Having Fun With PostgreSQL

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Florian Pflug <fgp(dot)phlo(dot)org(at)gmail(dot)com>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Hammond <andrew(dot)george(dot)hammond(at)gmail(dot)com>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Bugtraq: Having Fun With PostgreSQL
Date: 2007-06-27 19:33:20
Message-ID: 20070627193320.GL7531@tamriel.snowman.net
Lists: pgsql-hackers

* Florian Pflug (fgp(dot)phlo(dot)org(at)gmail(dot)com) wrote:
> Stephen Frost wrote:
> >Uh, have the admin create appropriate views.
> I meant letting them use it to connect to arbitrary databases and hosts, not
> executing only predefined queries. My wording wasn't clear in that regard,
> though.

Perhaps I wasn't clear. My response to that is "don't.". It's not a
safe or sane thing for a user to be able to do.

> >I disagree. What dblink *does* is insecure and in general *shouldn't*
> >be something regular users can do. That goes well and beyond just the
> >ident case, imv, but it's a handy thing to point to atm.

> I fail to see why dblink is any more insecure than, say, plpgsql or
> plperl (not plperlu). It doesn't give any more privileges than pgsql
> would. The only exception IMHO are privileges that you get because
> dblink issues that connection from a specific machine as a specific user.

Trusted languages shouldn't be able to open socket connections. If
plpgsql (erm, don't think so) or plperl (I hope it can't...) can do that
then they should be marked as untrusted.

Thanks,

Stephen
