Re: [patch] plproxy v2
| От | Hannu Krosing |
|---|---|
| Тема | Re: [patch] plproxy v2 |
| Дата | |
| Msg-id | 1216915260.7001.53.camel@huvostro обсуждение исходный текст |
| Ответ на | Re: [patch] plproxy v2 (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Tue, 2008-07-22 at 11:25 -0400, Tom Lane wrote: > "Marko Kreen" <markokr@gmail.com> writes: > > And user can execute only pre-determines queries/functions on system2. > > If that were actually the case then the security issue wouldn't loom > quite so large, but the dynamic_query example in the plproxy regression > tests provides a perfect example of how to ruin your security. The idea is to allow the pl/proxy user only access to the needed functions and nothing else on the remote db side. dynamic_query ruins your security, if your pl/proxy remote user has too much privileges. > > Do you still see a big hole? > > Truck-sized, at least. > > The complaint here is not that it's impossible to use plproxy securely; > the complaint is that it's so very easy to use it insecurely. You mean "easy" like it is very easy to always use your OS as root ? On Unix this is fixed by stating it as a bad idea in docs (and numerous books), on windows you have a "privileged" checkbox when creating new users. --------------- Hannu
В списке pgsql-hackers по дате отправления: