This page in other versions: 9.3 / 9.4 / 9.5 / 9.6 / current (10)  |  Development versions: devel / 11  |  Unsupported versions: 8.3 / 8.4 / 9.0 / 9.1 / 9.2



dblink_connect_u -- opens a persistent connection to a remote database, insecurely


    dblink_connect_u(text connstr) returns text
    dblink_connect_u(text connname, text connstr) returns text


dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care.

For further details see dblink_connect().

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group