Robert Treat wrote:
Patch based on recent -hackers discussions, it removes usage from public, and adds a note to the documentation about why this is neccessary.

I agree with the fix as the simplest and most sensible approach, and in general with the doc change, but I'm not inclined to reference the security paper. Maybe something like:

   As a security precaution, dblink revokes access from PUBLIC role
   usage for the dblink_connect functions. It is not safe to allow
   remote users to execute dblink from a database in a PostgreSQL
   installation that allows local account access using the "trust"
   authentication method. In that case, remote users could gain
   access to other accounts via dblink. If "trust" authentication
   is disabled, this is no longer an issue.

I suppose this ought to be applied back through the 7.3 branch?


---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at


Reply via email to