Joe Conway wrote: > I'm mainly concerned about re-opening security holes that we spent a lot > of time debating and subsequently closing. I suspect if we assume that > any FDW-derived connect string can bypass the checks we put in place, we > will regret it later. But I'm open to arguments on both sides... >
In order to create a foreign server, the user needs USAGE on the foreign data wrapper. Creating user mappings requires the user to be the owner of the server. Both need explicit grants or alters by the superuser. This is a bit more relaxed than the current superuser check, but still only trusted users can define arbitrary connections. Also, allowing passwordless user mappings adds some flexibility for defining connections - storing passwords in .pgpass, pgservice or not using a password at all (pg_hba trust etc.). regards, Martin -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
