| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-01 18:51:59 |
| Message-ID: | 20070701185159.GC4887@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> LDAP is not affected - it requires the user to enter a password. Same
> would be for any PAM plugins that actually require the user to enter a
> password, I think.
Agreed.
> Kerberos is not affected either, because the server does not get a copy
> of the ticket. In theory it could be affected if the server requested a
> delegation enabled ticket, and exported it so it could be used, but none
> of these are done.
That's quite a stretch even there, imv anyway... It'd have to be put
somewhere a backend connecting would think to look for it, given that
the user can't change the environment variables and whatnot (I don't
think) of the backend process... Regardless, strong wording against
allowing users to issue arbitrary connect's from a backend process is
appropriate, regardless of what's affected exactly (as that could
possibly change over time anyway too...).
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-07-01 19:05:35 | Re: dblink connection security |
| Previous Message | Gregory Stark | 2007-07-01 18:36:23 | Re: dblink connection security |