| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Christoph Berg <myon(at)debian(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings |
| Date: | 2020-01-09 22:00:59 |
| Message-ID: | 2AFF8201-A7BD-491B-A118-2E2C290BD981@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 9 Jan 2020, at 22:38, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
> I'm not (yet)
> convinced that there is any significant security threat here. This
> doesn't give the user or indeed any postgres code any access to the
> contents of these files. But if there is a consensus to restrict this
> I'll do it.
I've seen successful exploits made from parts that I in my wildest imagination
couldn't think be useful, so FWIW +1 for adding belts to suspenders and
restricting this.
cheers ./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-01-09 22:02:18 | Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings |
| Previous Message | Tom Lane | 2020-01-09 21:51:30 | Re: pgsql: Add basic TAP tests for psql's tab-completion logic. |