Re: [HACKERS] postgres_fdw super user checks

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Ashutosh Bapat <ashutosh(dot)bapat(at)enterprisedb(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] postgres_fdw super user checks
Date: 2017-12-01 17:10:12
Message-ID: CA+TgmoY1-f_G9mjun-NCcPina47n+urHsDJL8HMWJxyoM7gcgQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

On Fri, Dec 1, 2017 at 12:31 AM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> I am moving this patch to next CF 2018-01.

There now seems to be a consensus for superuser -> superuser_arg
rather than what Jeff did originally; that approach has 4 votes and
nothing else has more than 1. So, here's a patch that does it that
way.

I tried to see if some documentation update was needed, but I think
the documentation already reflects the proposed new behavior. It
says:

<para>
Only superusers may connect to foreign servers without password
authentication, so always specify the <literal>password</literal> option
for user mappings belonging to non-superusers.
</para>

Currently, however, that's not accurate. Right now you need to
specify the password option for user mappings that will be *used by*
non-superusers, not user mappings *belonging to* non-superusers. So
this patch is, I think, just making the actual behavior match the
documented behavior. Not sure if anyone has any other suggestions
here. I think this is definitely a master-only change; should we try
to insert some kind of warning into the back-branch docs? I
definitely think this should be called out in the v11 release notes.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Attachment Content-Type Size
postgres-fdw-superuser.patch application/octet-stream 2.0 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2017-12-01 17:13:01 Re: [HACKERS] Partition-wise join for join between (declaratively) partitioned tables
Previous Message Robert Haas 2017-12-01 16:37:38 Re: Transform for pl/perl