Home > mailing lists

Re: Feature request dblink: Security issue - dblink user+password parameters must be optional - Mailing list pgsql-general

From	Marko Kreen
Subject	Re: Feature request dblink: Security issue - dblink user+password parameters must be optional
Date	January 28, 2009 05:07:19
Msg-id	e51f66da0901280107p78cba189xa85f6a09ad41e3a2@mail.gmail.com Whole thread Raw
In response to	Feature request dblink: Security issue - dblink user+password parameters must be optional (Hermann Muster <Hermann.Muster@gmx.de>)
List	pgsql-general

Tree view

On 1/28/09, Hermann Muster <Hermann.Muster@gmx.de> wrote:
> When creating a view via DBLINK, the user=... and password=... parameters
> shall be optional. If they are left out, then the current user accessing the
> view shall be impersonated implicitely to the "dblinked" database as well.
> Forcing anybody to hardcode a password readable within the view definition
> should be an absolute DON'T!
>
>  Haven't found a better place to post this request. Hope the author of
> dblink is reading it here, too. :-)

I think this will be properly fixed by SQL-MED connection handling in 8.4.

In older version maybe you can use wrapper function around dblink
that constructs per-user connect string.

--
marko

pgsql-general by date:

From: Sim Zacks
Date: 28 January 2009, 04:28:52
Subject: Re: Rollback of Query Cancellation

From: Dave Page
Date: 28 January 2009, 05:18:38
Subject: Re: About PostgreSQL Installer

Re: Feature request dblink: Security issue - dblink user+password parameters must be optional - Mailing list pgsql-general

Previous

Next