Re: dblink connection security
From | Joe Conway |
---|---|
Subject | Re: dblink connection security |
Date | |
Msg-id | 4687DC69.4020100@joeconway.com |
In reply to | dblink connection security (Robert Treat <xzilla@users.sourceforge.net>) |
Replies | Re: dblink connection security |
List | pgsql-patches |

Robert Treat wrote:
> Patch based on recent -hackers discussions, it removes usage from public, and
> adds a note to the documentation about why this is necessary.

I agree with the fix as the simplest and most sensible approach, and in general with the doc change, but I'm not inclined to reference the security paper. Maybe something like:

As a security precaution, dblink revokes access from PUBLIC role usage for the dblink_connect functions. It is not safe to allow remote users to execute dblink from a database in a PostgreSQL installation that allows local account access using the "trust" authentication method. In that case, remote users could gain access to other accounts via dblink. If "trust" authentication is disabled, this is no longer an issue.

I suppose this ought to be applied back through the 7.3 branch?

Joe
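
Added example, not part of the message above or of the patch: a small audit of `pg_hba.conf` for the condition the proposed doc text describes, "trust" records that a connection opened from the database host itself (which is where dblink connects from) would match. The function names and the sample file are hypothetical; as a simplifying assumption only Unix-socket, loopback and keyword addresses are treated as "the server itself", so a trust record covering another address the host owns is not reported, and quoted fields are not handled.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}
LOOPBACKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
SELF_KEYWORDS = {"all", "samehost", "samenet", "localhost"}

def _prefix_len(mask):  # netmask column -> prefix length, None if not an IP
    try:
        return bin(int(ipaddress.ip_address(mask))).count("1")
    except ValueError:
        return None

def parse_hba(text):
    """Yield (line_no, type, database, user, address, method) for each record."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: no quoted '#' in fields
        ctype = fields[0] if fields else ""
        if ctype == "local" and len(fields) >= 4:
            yield no, ctype, fields[1], fields[2], None, fields[3]
        elif ctype in HOST_TYPES and len(fields) >= 5:
            addr, method = fields[3], fields[4]
            # Old style: address and netmask in two columns, method comes third.
            plen = _prefix_len(method) if len(fields) >= 6 and "/" not in addr else None
            if plen is not None:
                addr, method = f"{addr}/{plen}", fields[5]
            yield no, ctype, fields[1], fields[2], addr, method

def matches_server_itself(ctype, addr):
    """True if a connection opened on the database host, as dblink does, can match."""
    if ctype == "local" or addr in SELF_KEYWORDS:
        return True
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return False  # other hostnames are not resolved in this sketch
    return any(net.version == lb.version and net.overlaps(lb) for lb in LOOPBACKS)

def trust_findings(text):
    """Records (line_no, type, database, user, address) that admit a local login without a password."""
    return [rec[:5] for rec in parse_hba(text)
            if rec[5] == "trust" and matches_server_itself(rec[1], rec[4])]

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
local   all    all                               trust
host    all    all    127.0.0.1/32               md5
host    all    all    127.0.0.1 255.255.255.255  trust
host    appdb  app    10.0.0.0/8                 trust
hostssl all    all    ::1/128                    trust  # inline comment
"""
```

Any record returned by `trust_findings` means that leaving execute rights on the dblink_connect functions with PUBLIC would let a remote user reach other accounts, which is the case the revoke in the patch closes.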