Re: Re: Accessing other databases with DBLink when leaving user/password empty

From: Tommy Gildseth <tommy(dot)gildseth(at)usit(dot)uio(dot)no>
To: Hermann Muster <Hermann(dot)Muster(at)gmx(dot)de>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Re: Accessing other databases with DBLink when leaving user/password empty
Date: 2008-06-10 08:19:44
Message-ID: 484E3920.6020800@usit.uio.no
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hermann Muster wrote:
> Hi Adrian,
>
> I tried what you suggested, but still get the following Error:
> "Error connecting to the server: fe_sendauth: no password supplied"
>
> What is it I'm doing wrong? Isn't it possible to leave the password
> empty so that PostgreSQL can retrieve it from the current account?
>

Your login password isn't kept anywhere in the session, so it's not
possible for dblink to retrieve it. Furthermore, allowing passwordless
authentication via dblink is considered a security risk, as it's
potentially possible to escalate your access privileges to superuser.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278 and
http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
for more info on this issue.

--
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Magnus Hagander 2008-06-10 08:43:03 Re: Insert into master table ->" 0 rows affected" -> Hibernate problems
Previous Message Hermann Muster 2008-06-10 07:41:39 Re: Accessing other databases with DBLink when leaving user/password empty