Log Message:
-----------
The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink.
Plug the remaining holes. Also, disallow transient connections in functions
for which that feature makes no sense (because they are only sensible as
part of a sequence of operations on the same connection). Joe Conway
Security: CVE-2007-6601
Tags:
----
REL8_2_STABLE
Modified Files:
--------------
pgsql/contrib/dblink:
dblink.c (r1.60.2.1 -> r1.60.2.2)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/dblink.c?r1=1.60.2.1&r2=1.60.2.2)
pgsql/contrib/dblink/expected:
dblink.out (r1.18 -> r1.18.2.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/expected/dblink.out?r1=1.18&r2=1.18.2.1)
pgsql/contrib/dblink/sql:
dblink.sql (r1.16 -> r1.16.2.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/dblink/sql/dblink.sql?r1=1.16&r2=1.16.2.1)
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
