| From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
|---|---|
| To: | laurenz(dot)albe(at)cybertec(dot)at |
| Cc: | euler(at)eulerto(dot)com, philflorent(at)hotmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Error from the foreign RDBMS on a foreign table I have no privilege on |
| Date: | 2022-06-08 04:06:25 |
| Message-ID: | 20220608.130625.665509518109995128.horikyota.ntt@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At Wed, 08 Jun 2022 12:09:27 +0900 (JST), Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote in
> At Wed, 08 Jun 2022 04:38:02 +0200, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote in
> > If anything, it should be done in the FDW, because it is only necessary if the
> > FDW calls the remote site during planning.
> >
> > The question is: is this a bug in postgres_fdw that should be fixed?
>
> It's depends on what we think about allowing remote access trials
> through unprivileged foreign table in any style. It won't be a
> problem if the system is configured appropriately but too-frequent
> estimate accesses via unprivileged foreign tables might be regarded as
> an attack attempt.
In other words, I don't think it's not a bug and no need to fix. If
one want to prevent such estimate accesses via unprivileged foreign
tables, it is enough to prevent non-privileged users from having a
user mapping. This might be worth documenting?
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro Horiguchi | 2022-06-08 04:08:16 | Re: Error from the foreign RDBMS on a foreign table I have no privilege on |
| Previous Message | Justin Pryzby | 2022-06-08 03:25:21 | Re: bogus: logical replication rows/cols combinations |