From: | Adam Witney <awitney(at)sgul(dot)ac(dot)uk> |
---|---|
To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Is this a security risk? |
Date: | 2008-12-16 12:38:49 |
Message-ID: | CD665D50-0E21-43E0-B51B-5CF60D814989@sgul.ac.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
I would like to provide a limited view of my database to some users,
so i thought of creating a second database (I can control access by IP
address through pg_hba.conf) with some views that queried the first
database using dblink.
The problem is that dblink requires non-superusers to provide a
password, but i would like to use the authentication from the first
database connection in the second dblink connection.
I can do this with the example below, but i was wondering is this a
really bad idea or does it create a security hole?
Example code:
CREATE DATABASE test1;
CREATE DATABASE test2;
\c test1
CREATE TABLE test (id int);
INSERT INTO test VALUES(1);
INSERT INTO test VALUES(2);
\c test2
CREATE OR REPLACE FUNCTION my_func() RETURNS SETOF record
AS $$
DECLARE
_username text;
_query text;
_row record;
old_path text;
BEGIN
old_path := pg_catalog.current_setting('search_path');
PERFORM pg_catalog.set_config('search_path', 'public, pg_temp',
true);
SELECT INTO _username session_user;
_query := 'SELECT * FROM dblink(''dbname=test1'', ''SET SESSION
AUTHORIZATION ' || _username || ';';
_query := _query || ' SELECT * FROM test'') ';
_query := _query || ' AS t1(id int);';
FOR _row IN EXECUTE _query LOOP
RETURN NEXT _row;
END LOOP;
PERFORM pg_catalog.set_config('search_path', old_path, true);
END;
$$
LANGUAGE plpgsql SECURITY DEFINER;
SELECT * FROM my_func() AS (id int);
thanks for any help
adam
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2008-12-16 13:18:10 | Re: how to load text file that has embeded nul character |
Previous Message | Danail Pavlov | 2008-12-16 12:16:25 | Postgre Tables problem |