| From: | joe(at)postgresql(dot)org (Joe Conway) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Restrict non-superusers to password authenticated connections to |
| Date: | 2007-07-08 17:12:38 |
| Message-ID: | 20070708171238.5358D9FB285@postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Restrict non-superusers to password authenticated connections
to prevent possible escalation of privilege. Provide new SECURITY
DEFINER functions with old behavior, but initially REVOKE ALL
from public for these functions. Per list discussion and design
proposed by Tom Lane. A different approach will be used for
back-branches, committed separately.
Modified Files:
--------------
pgsql/contrib/dblink:
dblink.c (r1.63 -> r1.64)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/dblink.c.diff?r1=1.63&r2=1.64)
dblink.sql.in (r1.11 -> r1.12)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/dblink.sql.in.diff?r1=1.11&r2=1.12)
pgsql/contrib/dblink/doc:
connection (r1.4 -> r1.5)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/doc/connection.diff?r1=1.4&r2=1.5)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-07-08 17:47:39 | pgsql: Fix broken markup. |
| Previous Message | Joe Conway | 2007-07-08 17:11:51 | pgsql: Arrange for the authentication request type to be preserved in |