* Gregory Stark ([EMAIL PROTECTED]) wrote: > "Joe Conway" <[EMAIL PROTECTED]> writes: > > If there are no objections I'll commit this later today. > > My objection is that I think we should still revoke access for non-superuser > by default. The patch makes granting execute reasonable for most users but > nonetheless it shouldn't be the default. > > Being able to connect to a postgres server shouldn't mean being able to open > tcp connections *from* that server to arbitrary other host/ports. Consider for > example that it would allow a user to perform a port scan from inside your > network to see what internal services are running.
I'm in agreement with Greg. It's a poor idea, overall, to allow users
to initiate TCP connections from the backend. That should be a
superuser-only ability and should require security definer functions
with appropriate safe-guards (which would be site-specific) to be
created by the end admins.
Thanks,
Stephen
signature.asc
Description: Digital signature
