| From: | Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com> |
| Subject: | Re: dblink vs SQL/MED - security and implementation details |
| Date: | 2009-01-06 18:48:01 |
| Message-ID: | 4963A761.8070002@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>> I think you want some permission checking on fdtest then, right?
>
> What about the permissions on the system catalogs themselves?
> AFAICT, the pg_user_mappings view will expose user passwords to
> the "owner" of the foreign server, which doesn't seem good.
>
Usually it would have been the server owner who created those user
mappings in the first place -- so the passwords are already known
to him/her. Of course it is possible to create the mappings first
and later change the ownership of the server, thus exposing the
passwords to a new role. But IMHO, it would be reasonable to assume
that the owner of the server has full control over its user mappings.
regards,
Martin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2009-01-06 18:56:18 | Re: Is it really such a great idea for spi.h to include the world? |
| Previous Message | Tom Lane | 2009-01-06 18:46:28 | Re: SPI nesting in plperl |