Re: [patch] fix dblink security hole
| From | David Fetter |
|---|---|
| Subject | Re: [patch] fix dblink security hole |
| Date | |
| Msg-id | 20080912172125.GQ27694@fetter.org |
| In response to | Re: [patch] fix dblink security hole (Alvaro Herrera <alvherre@commandprompt.com>) |
| List | pgsql-hackers |
On Fri, Sep 12, 2008 at 01:14:36PM -0400, Alvaro Herrera wrote:

> Marko Kreen wrote:
> > Currently dblink allows regular users to initiate libpq connection
> > to user-provided connection string. This breaks the default
> > policy that normal users should not be allowed to freely interact
> > with outside environment.
>
> Since people is now working on implementing the SQL/MED stuff to
> manage connections,

I don't see any code for this. Is there some?

> should we bounce this patch? With luck, the CREATE CONNECTION (?)
> stuff will be done for the next commitfest and we can just switch
> dblink to use that instead.

That would be great :)

> http://archives.postgresql.org/message-id/e51f66da0809050539x1b25ebb9t7fd664fd67b9f607@mail.gmail.com
>
> Thoughts? Can we really expect SQL/MED connection mgmt to be done
> for the next fest?

Connection management would be awesome. The whole SQL/MED spec is gigantic, tho. Should we see about an implementation roadmap for the parts we care about?

Cheers,
David.

--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate