Re: [patch] fix dblink security hole
From | Joe Conway |
---|---|
Subject | Re: [patch] fix dblink security hole |
Date | |
Msg-id | 48D71392.6030009@joeconway.com |
In response to | Re: [patch] fix dblink security hole (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses |
Re: [patch] fix dblink security hole
Re: [patch] fix dblink security hole |
List | pgsql-hackers |
Tom Lane wrote:
> Joe Conway <mail@joeconway.com> writes:
>> New patch attached.
>
> erm ... wait a minute. This approach doesn't actually solve the problem
> at all, because conninfo_parse is responsible for filling in various
> sorts of default values. In particular it would happily pull a password
> from the services file or the PGPASSWORD environment variable, and
> looking at the array after the fact doesn't tell whether that happened.
>
> Refactoring doesn't seem like an easy way to fix this, because of the
> problem that the behavior of pulling up defaults is part of the API
> specification for PQconndefaults().
>
> Thoughts?

Hmm, I could have sworn I looked for that, and saw it elsewhere. Anyway, you are obviously correct.

conninfo_parse() is presently only called from a few places -- maybe we should have conninfo_parse() really just parse, and create a new conninfo_get_missing() or some such that fills in missing values?

Joe
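
The problem discussed in this message, as an added example that is not libpq code and not part of the original thread: once defaults are merged in, a check on the final values cannot tell a caller-supplied password from one pulled from the environment, while a parse-only step that records provenance can. All `demo_*` names are hypothetical, the parser handles only unquoted space-separated `key=value` pairs, and the environment value is passed in as a parameter.

```c
/* Added illustration, not libpq code; every demo_* name is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char password[64];
    int  password_from_caller; /* set only when the conninfo string carried it */
} demo_conninfo;

/* Parse only: read space-separated key=value pairs (no quoting), no defaults. */
static void demo_parse(const char *conninfo, demo_conninfo *out)
{
    const char *p = conninfo;
    memset(out, 0, sizeof(*out));
    while (*p) {
        const char *end;
        while (*p == ' ') p++;
        end = p;
        while (*end && *end != ' ') end++;
        if (end - p > 9 && strncmp(p, "password=", 9) == 0) {
            snprintf(out->password, sizeof(out->password), "%.*s",
                     (int)(end - p - 9), p + 9);
            out->password_from_caller = 1;
        }
        p = end;
    }
}

/* Fill missing values: env_password stands in for getenv("PGPASSWORD"). */
static void demo_fill_missing(demo_conninfo *ci, const char *env_password)
{
    if (ci->password[0] == '\0' && env_password != NULL)
        snprintf(ci->password, sizeof(ci->password), "%s", env_password);
}

/* After-the-fact check: sees a password, cannot tell where it came from. */
static int demo_has_password(const demo_conninfo *ci) { return ci->password[0] != '\0'; }
/* Provenance check: true only for a password the caller wrote in conninfo. */
static int demo_caller_gave_password(const demo_conninfo *ci) { return ci->password_from_caller; }

int main(void)
{
    demo_conninfo ci;
    demo_parse("host=db1 dbname=app", &ci);          /* constructed input */
    demo_fill_missing(&ci, getenv("PGPASSWORD"));
    printf("has=%d caller=%d\n", demo_has_password(&ci), demo_caller_gave_password(&ci));
    return 0;
}
```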