Log Message:
-----------
Fix dblink_connect() so that it verifies that a password is supplied in the
conninfo string *before* trying to connect to the remote server, not after.
As pointed out by Marko Kreen, in certain not-very-plausible situations
this could result in sending a password from the postgres user's .pgpass file,
or other places that non-superusers shouldn't have access to, to an
untrustworthy remote server. The cleanest fix seems to be to expose libpq's
conninfo-string-parsing code so that dblink can check for a password option
without duplicating the parsing logic.

Joe Conway, with a little cleanup by Tom Lane

Modified Files:
--------------
    pgsql/contrib/dblink:
        dblink.c (r1.74 -> r1.75)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/dblink.c?r1=1.74&r2=1.75)
    pgsql/doc/src/sgml:
        dblink.sgml (r1.4 -> r1.5)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/dblink.sgml?r1=1.4&r2=1.5)
        libpq.sgml (r1.263 -> r1.264)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/libpq.sgml?r1=1.263&r2=1.264)
    pgsql/src/interfaces/libpq:
        exports.txt (r1.21 -> r1.22)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/exports.txt?r1=1.21&r2=1.22)
        fe-connect.c (r1.360 -> r1.361)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-connect.c?r1=1.360&r2=1.361)
        libpq-fe.h (r1.143 -> r1.144)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/libpq-fe.h?r1=1.143&r2=1.144)
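
An added example, not part of the commit or of dblink's source: the check-before-connect gate the log message describes, in C. dblink relies on libpq's own parser (exposed as PQconninfoParse); the functions `conninfo_has_password` and `may_connect` below are hypothetical, simplified stand-ins so the block runs without libpq.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical stand-in for libpq's conninfo parser (assumption, not libpq
 * code). Handles keyword=value pairs, spaces around '=', single-quoted
 * values and backslash escapes. Returns 1 if the effective "password"
 * option is non-empty, 0 if absent or empty, -1 if the string is malformed. */
int conninfo_has_password(const char *s)
{
    int found = 0;
    while (*s) {
        while (isspace((unsigned char)*s)) s++;
        if (!*s) break;
        const char *key = s;
        while (*s && *s != '=' && !isspace((unsigned char)*s)) s++;
        size_t klen = (size_t)(s - key), vlen = 0;
        while (isspace((unsigned char)*s)) s++;
        if (klen == 0 || *s != '=') return -1;      /* keyword without '=' */
        s++;
        while (isspace((unsigned char)*s)) s++;
        if (*s == '\'') {                           /* quoted value */
            for (s++; *s != '\''; s++, vlen++) {
                if (*s == '\\') s++;                /* escaped character */
                if (!*s) return -1;                 /* unterminated quote */
            }
            s++;                                    /* skip closing quote */
        } else {                                    /* unquoted value */
            for (; *s && !isspace((unsigned char)*s); s++, vlen++)
                if (*s == '\\' && !*++s) break;     /* trailing backslash */
        }
        /* Match the keyword itself, never text inside another option's
         * value; a later occurrence overrides an earlier one. */
        if (klen == 8 && strncmp(key, "password", 8) == 0)
            found = (vlen > 0);
    }
    return found;
}

/* Gate evaluated BEFORE any connection attempt: a non-superuser must supply
 * the password in the conninfo string, so nothing from the server account's
 * .pgpass or environment can be sent to the remote host on their behalf.
 * A malformed string (-1) is refused as well. */
bool may_connect(const char *conninfo, bool is_superuser)
{
    return is_superuser || conninfo_has_password(conninfo) == 1;
}
```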