| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Andrew Hammond <andrew(dot)george(dot)hammond(at)gmail(dot)com>, Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Bugtraq: Having Fun With PostgreSQL |
| Date: | 2007-06-26 22:17:28 |
| Message-ID: | 46819078.70005@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Gregory Stark <stark(at)enterprisedb(dot)com> writes:
>
>> All that really has to happen is that dblink should by default not be
>> callable by any user other than Postgres.
>>
>
> Yeah, that is not an unreasonable change. Someone suggested it far
> upthread, but we seem to have gotten distracted :-(
>
>
>> The only problem with this is that dblink provides 36 different functions
>>
>
> I think just having the install script revoke public execute access
> on the connection-establishing functions would be sufficient. There
> are only two of 'em.
>
>
>
+1 on this.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-06-26 22:31:52 | Re: Bgwriter LRU cleaning: we've been going at this all wrong |
| Previous Message | Tom Lane | 2007-06-26 22:10:11 | Re: Frustrating issue with PGXS |