From: | "Darko Prenosil" <Darko(dot)Prenosil(at)finteh(dot)hr> |
---|---|
To: | <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: User Privileges using dblink |
Date: | 2004-06-29 17:37:57 |
Message-ID: | 002701c45dff$e7df6f00$1e82bfd5@darko |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Write a function that returns connection parameters (instead of hardcoding
it into view) using CURENT_USER as parameter.
create view inst as select * from dblink(
get_connection_param(CURRENT_USER) )
where get_connection_param is Your function returning text. Using system
user name is not problem at all, but password is.
You can read encrypted password from pg_shadow but only if You are a
superuser, otherwise it is another security hole...
However this is not a dblink problem, and can be summarized as:
How can I know my own password ?
I think that even server does not know Your password, it only knows
encrypted presentation (someone else could know this better).
Regards !
----- Original Message -----
From: "Kreißl, Karsten" <KREISSL(at)his(dot)de>
To: <pgsql-hackers(at)postgresql(dot)org>
Sent: Tuesday, June 22, 2004 11:50 AM
Subject: [HACKERS] User Privileges using dblink
Hello,
we want use dblink to connect several databases in a client/server
environment. Connection from local users to the remote databases should be
possible only for privileged users. We tried a solution with dblink,
embedding this command in a view, like this:
create view inst as select * from dblink('host=pollux port=5432
dbname=cob_int user=his_int password=#integration#', .....
This solution is insecure, because login and password is readable for
everyone.
We tried to call dblink without username and login, but it fails,i.e.
create view inst as select * from dblink('host=pollux port=5432
dbname=cob_int', .....
What we are searching for, is a solution which uses the current login
information (user and password).
The second problem with dblink is a security hole. If you have a table
without any grants for the current user, this user can create a view to
circumvent the table privileges, i.e..
Current user is svawork (not a superuser!). Current database is sva4_int1.
Table inst has privileges only for a user sva. If user svawork tried to read
from inst it fails. This is ok.
If svawork create a view like:
create view myinst as select * from dblink('dbname=sva4_int1','select ....
from inst') as (.......);
The view connect not to a remote database. It uses the local database.
You can read the data from table inst without any restrictions! (Select *
from myinst ...)
This problem could also be resolved, if dblink uses the current login
information.
Any solutions welcome.
Karsten
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
message can get through to the mailing list cleanly
From | Date | Subject | |
---|---|---|---|
Next Message | Darko Prenosil | 2004-06-29 18:11:08 | Re: User Privileges using dblink |
Previous Message | Josh Berkus | 2004-06-29 17:36:48 | Re: lock timeout patch |