Re: dblink connection security
| От | Gregory Stark |
|---|---|
| Тема | Re: dblink connection security |
| Дата | |
| Msg-id | 87abugeztk.fsf@oxford.xeocode.com обсуждение исходный текст |
| Ответ на | Re: dblink connection security (Robert Treat <xzilla@users.sourceforge.net>) |
| Список | pgsql-patches |
"Robert Treat" <xzilla@users.sourceforge.net> writes: >> In particular Postgres's "trust" authentication is one such system. It >> authenticates connecting users based on the unix userid of the process >> forming the connection. In typical configurations any user who is granted >> execute access to dblink can form connections as the "postgres" user which >> is the database super-user. If "trust" authentication is disabled this is >> no longer an issue. > > Did you mean s/trust/ident/g, otherwise I don't think I understand the > above... granted the combination of trust for localhost does open a door > for remote users if they have access to dblink, but I don't think that's what > you were trying to say. Er quite right. Moreover it's not even true that ``"if "ident" authentication is disabled this is no longer an issue''. It's still possible to have other restrictions in pg_hba which dblink would allow you to circumvent. That sentence is too generous of a promise. -- Gregory Stark EnterpriseDB http://www.enterprisedb.com
В списке pgsql-patches по дате отправления: