Re: Re: Accessing other databases with DBLink when leaving user/password empty

Hermann Muster wrote:
> Hi Adrian,
>
> I tried what you suggested, but still get the following Error:
> "Error connecting to the server: fe_sendauth: no password supplied"
>
> What is it I'm doing wrong? Isn't it possible to leave the password
> empty so that PostgreSQL can retrieve it from the current account?
>

Your login password isn't kept anywhere in the session, so it's not
possible for dblink to retrieve it. Furthermore, allowing passwordless
authentication via dblink is considered a security risk, as it's
potentially possible to escalate your access privileges to superuser.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278 and
http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
for more info on this issue.


--
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39