| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Sullivan <ajs(at)commandprompt(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [patch] plproxy v2 |
| Date: | 2008-07-22 14:53:56 |
| Message-ID: | 28271.1216738436@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Sullivan <ajs(at)commandprompt(dot)com> writes:
> On Mon, Jul 21, 2008 at 09:32:57PM -0400, Tom Lane wrote:
>> "Marko Kreen" <markokr(at)gmail(dot)com> writes:
>>> 2. If cluster connection strings do not have 'user=' key,
>>> ' user=' || current_username() is appended to it.
>>
>> Cool, I missed that. At minimum the documentation has to explain this
>> point and emphasize the security implications. Is it a good idea
>> to allow user= in the cluster strings at all?
> I wondered about this myself. Is there anything at all preventing me
> from doing 'user=' for some other user? If not. . .
I think the assumption is that the cluster connection info would be set
up by a superuser. However, if there's any way for a non-superuser to
subvert the info returned by the plproxy configuration functions, you
got trouble. So a lot would depend on how carefully those are coded.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Browne | 2008-07-22 14:54:28 | Re: Postgres-R: primary key patches |
| Previous Message | Marko Kreen | 2008-07-22 14:50:05 | Re: [patch] plproxy v2 |