* Florian Pflug ([EMAIL PROTECTED]) wrote: > Gregory Stark wrote: > >All that really has to happen is that dblink should by default not be > >callable > >by any user other than Postgres. DBAs should be required to manually run > >"GRANT EXECUTE ON dblink_connect(text) TO public;" if that's what he wants. > > That serves the purpose of making PG "secure by default" (whatever that > means > exactly) well, and surely is a good short-term solution. > But it severely limits the usefulness of dblink on setup where PG uses > ident auth either via TCP or unix-sockets - there seems to be no way to > securely users use dblink in such a setup.
Uh, have the admin create appropriate views. > Therefore I think there should be a ToDO > "Explore how dblink can be made safe if used together with ident > authentication" > or something similar. I disagree. What dblink *does* is insecure and in general *shouldn't* be something regular users can do. That goes well and beyond just the ident case, imv, but it's handy thing to point to atm. > The ideal solution would IMHO be to authenticate a user using dblink as > the user he used to connect to PG in the first place - but since ident is > handled outside of PG that might be impossible to archive without some > really bad hacks. So maybe just finding a way to disable ident auth for > connections made via dblink is sufficient. erm, this isn't dblink anymore, this is cross-database stuff that should be done completely differently from dblink, if it's going to be done at all. Thanks, Stephen
Description: Digital signature