Quick Links

Re: dblink vs SQL/MED - security and implementation details

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc:	pgsql-hackers(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com>, Martin Pihlak <martin(dot)pihlak(at)gmail(dot)com>
Subject:	Re: dblink vs SQL/MED - security and implementation details
Date:	2009-01-06 17:50:51
Message-ID:	8646.1231264251@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> I think you want some permission checking on fdtest then, right?

What about the permissions on the system catalogs themselves?
AFAICT, the pg_user_mappings view will expose user passwords to
the "owner" of the foreign server, which doesn't seem good.

regards, tom lane

In response to

Re: dblink vs SQL/MED - security and implementation details at 2009-01-06 17:45:16 from Peter Eisentraut

Responses

Re: dblink vs SQL/MED - security and implementation details at 2009-01-06 18:25:14 from Peter Eisentraut
Re: dblink vs SQL/MED - security and implementation details at 2009-01-06 18:48:01 from Martin Pihlak

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Bruce Momjian	2009-01-06 17:57:36	Re: Warning about the 8.4 release
Previous Message	Peter Eisentraut	2009-01-06 17:45:16	Re: dblink vs SQL/MED - security and implementation details