Skip site navigation (1) Skip section navigation (2)

Re: [patch] plproxy v2

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Sullivan <ajs(at)commandprompt(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [patch] plproxy v2
Date: 2008-07-22 14:53:56
Message-ID: 28271.1216738436@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Andrew Sullivan <ajs(at)commandprompt(dot)com> writes:
> On Mon, Jul 21, 2008 at 09:32:57PM -0400, Tom Lane wrote:
>> "Marko Kreen" <markokr(at)gmail(dot)com> writes:
>>> 2.  If cluster connection strings do not have 'user=' key,
>>> ' user=' || current_username() is appended to it.
>> 
>> Cool, I missed that.  At minimum the documentation has to explain this
>> point and emphasize the security implications.  Is it a good idea
>> to allow user= in the cluster strings at all?

> I wondered about this myself.  Is there anything at all preventing me
> from doing 'user=' for some other user?  If not. . .

I think the assumption is that the cluster connection info would be set
up by a superuser.  However, if there's any way for a non-superuser to
subvert the info returned by the plproxy configuration functions, you
got trouble.  So a lot would depend on how carefully those are coded.

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Christopher BrowneDate: 2008-07-22 14:54:28
Subject: Re: Postgres-R: primary key patches
Previous:From: Marko KreenDate: 2008-07-22 14:50:05
Subject: Re: [patch] plproxy v2

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group