This page in other versions: 9.2 / 9.3 / 9.4 / 9.5 / current (9.6)  |  Development versions: devel  |  Unsupported versions: 8.3 / 8.4 / 9.0 / 9.1

dblink_connect_u

Name

dblink_connect_u -- opens a persistent connection to a remote database, insecurely

Synopsis

    dblink_connect_u(text connstr) returns text
    dblink_connect_u(text connname, text connstr) returns text
   

Description

dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care.

For further details see dblink_connect().

Submit correction

If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.

Privacy Policy | About PostgreSQL
Copyright © 1996-2016 The PostgreSQL Global Development Group