| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [patch] fix dblink security hole |
| Date: | 2008-09-22 03:40:02 |
| Message-ID: | 48D71392.6030009@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Joe Conway <mail(at)joeconway(dot)com> writes:
>> New patch attached.
>
> erm ... wait a minute. This approach doesn't actually solve the problem
> at all, because conninfo_parse is responsible for filling in various
> sorts of default values. In particular it would happily pull a password
> from the services file or the PGPASSWORD environment variable, and
> looking at the array after the fact doesn't tell whether that happened.
>
> Refactoring doesn't seem like an easy way to fix this, because of the
> problem that the behavior of pulling up defaults is part of the API
> specification for PQconndefaults().
>
> Thoughts?
Hmm, I could have sworn I looked for that, and saw it elsewhere. Anyway,
you are obviously correct.
conninfo_parse() is presently only called from a few places -- maybe we
should have conninfo_parse() really just parse, and create a new
conninfo_get_missing() or some such that fills in missing values?
Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-09-22 03:44:05 | Re: [patch] fix dblink security hole |
| Previous Message | Tom Lane | 2008-09-22 03:25:16 | Re: [patch] fix dblink security hole |