From: | Tommy Gildseth <tommy(dot)gildseth(at)usit(dot)uio(dot)no> |
---|---|
To: | Hermann Muster <Hermann(dot)Muster(at)gmx(dot)de> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Re: Accessing other databases with DBLink when leaving user/password empty |
Date: | 2008-06-10 08:19:44 |
Message-ID: | 484E3920.6020800@usit.uio.no |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hermann Muster wrote:
> Hi Adrian,
>
> I tried what you suggested, but still get the following Error:
> "Error connecting to the server: fe_sendauth: no password supplied"
>
> What is it I'm doing wrong? Isn't it possible to leave the password
> empty so that PostgreSQL can retrieve it from the current account?
>
Your login password isn't kept anywhere in the session, so it's not
possible for dblink to retrieve it. Furthermore, allowing passwordless
authentication via dblink is considered a security risk, as it's
potentially possible to escalate your access privileges to superuser.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278 and
http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
for more info on this issue.
--
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2008-06-10 08:43:03 | Re: Insert into master table ->" 0 rows affected" -> Hibernate problems |
Previous Message | Hermann Muster | 2008-06-10 07:41:39 | Re: Accessing other databases with DBLink when leaving user/password empty |