| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Allow superuser to grant passwordless connection rights on postgres_fdw |
| Date: | 2019-11-01 16:58:51 |
| Message-ID: | CA+TgmoZe-EEvJwtpWu8mW2=exzJ3kHZt1FB=ic01h5X1qNyiZw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 31, 2019 at 4:58 PM Andrew Dunstan
<andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
> This patch allows the superuser to grant passwordless connection rights
> in postgres_fdw user mappings.
This is clearly something that we need, as the current code seems
woefully ignorant of the fact that passwords are not the only
authentication method supported by PostgreSQL, nor even the most
secure.
But, I do wonder a bit if we ought to think harder about the overall
authentication model for FDW. Like, maybe we'd take a different view
of how to solve this particular piece of the problem if we were
thinking about how FDWs could do LDAP authentication, SSL
authentication, credentials forwarding...
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2019-11-01 16:59:50 | Re: pglz performance |
| Previous Message | Justin Pryzby | 2019-11-01 16:58:43 | Re: update ALTER TABLE with ATTACH PARTITION lock mode (docs) |