| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | "Joe Conway" <mail(at)joeconway(dot)com>, "Stephen Frost" <sfrost(at)snowman(dot)net>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net>, "pgsql-patches" <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-09 03:27:16 |
| Message-ID: | 23781.1183951636@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Gregory Stark <stark(at)enterprisedb(dot)com> writes:
> My objection is that I think we should still revoke access for non-superuser
> by default. The patch makes granting execute reasonable for most users but
> nonetheless it shouldn't be the default.
> Being able to connect to a postgres server shouldn't mean being able to open
> tcp connections *from* that server to arbitrary other host/ports.
You forget that dblink isn't even installed by default. I could see
having some more verbiage in the documentation explaining these possible
security risks, but making it unusable is an overreaction.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2007-07-09 03:42:50 | Re: dblink connection security |
| Previous Message | Gregory Stark | 2007-07-09 03:26:10 | Re: dblink connection security |