Re: Bugtraq: Having Fun With PostgreSQL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Gregory Stark <stark(at)enterprisedb(dot)com>
Cc: "Andrew Hammond" <andrew(dot)george(dot)hammond(at)gmail(dot)com>, "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Bugtraq: Having Fun With PostgreSQL
Date: 2007-06-26 20:56:13
Message-ID: 28568.1182891373@sss.pgh.pa.us
Lists: pgsql-hackers

Gregory Stark <stark(at)enterprisedb(dot)com> writes:
> All that really has to happen is that dblink should by default not be
> callable by any user other than Postgres.

Yeah, that is not an unreasonable change.  Someone suggested it far
upthread, but we seem to have gotten distracted :-(

> The only problem with this is that dblink provides 36 different functions

I think just having the install script revoke public execute access
on the connection-establishing functions would be sufficient.  There
are only two of 'em.

			regards, tom lane
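
The change proposed in this message, sketched as an added example; it is not part of the original post and not the dblink install script. It assumes the two connection-establishing functions are the `dblink_connect(text)` and `dblink_connect(text, text)` overloads from contrib/dblink, and the role name `dblink_users` is hypothetical.

```sql
-- Added example. Run as a superuser in each database where
-- contrib/dblink has been installed.
BEGIN;

-- Assumption: these two overloads are the connection-establishing
-- functions the message refers to.
REVOKE EXECUTE ON FUNCTION dblink_connect(text)       FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION dblink_connect(text, text) FROM PUBLIC;

-- Hypothetical group role for accounts that still need to open
-- outbound connections; grant membership deliberately, per account.
CREATE ROLE dblink_users NOLOGIN;
GRANT EXECUTE ON FUNCTION dblink_connect(text)       TO dblink_users;
GRANT EXECUTE ON FUNCTION dblink_connect(text, text) TO dblink_users;

COMMIT;

-- Audit: list every dblink_connect* function with its ACL and whether
-- PUBLIC can still execute it. A NULL proacl means the built-in default
-- applies, and the default for functions grants EXECUTE to PUBLIC, so
-- a NULL here must be read as "open", not as "no privileges".
SELECT p.oid::regprocedure                                AS function,
       p.proacl                                           AS acl,
       has_function_privilege('public', p.oid, 'EXECUTE') AS public_can_execute
FROM   pg_proc p
WHERE  p.proname LIKE 'dblink_connect%'
ORDER  BY 1;
```

Function privileges are per database, so the audit query has to be repeated in every database where dblink is installed, including any template database that new databases are cloned from.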
