| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-09 03:49:00 |
| Message-ID: | 4691B02C.6090105@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Gregory Stark wrote:
> Consider a scenario like "package <x> uses dblink". Sysadmin follows
> instructions for package <x> and installs dblink. Now package <x>'s
> documentation isn't going to explain the second-order effects and discuss
> restricting who has access to dblink. The sysadmin has no particular interest
> in using dblink himself and probably will never read any dblink docs.
>
> On the other hand if dblink can't be executed by random users then when
> package x tells you to install dblink it will also tell you to grant access to
> the user that package runs as. The sysadmin can consider which users that
> should be.
>
See my last email...
Consider a scenario like "package <x> uses <arbitrary function y in an
untrusted language z>". Exact same concerns arise.
Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2007-07-09 03:55:28 | Re: dblink connection security |
| Previous Message | Gregory Stark | 2007-07-09 03:45:56 | Re: dblink connection security |