Sunday, September 21, 2008

Re: [HACKERS] [patch] fix dblink security hole

Tom Lane wrote:
> "Marko Kreen" <> writes:
>> On 9/21/08, Joe Conway <> wrote:
>>> Why? pg_service does not appear to support wildcards, so what is the attack
>>> vector?
>> "service=foo host=custom"
> The proposal to require a password = foo entry in the conn string seems
> to resolve all of these, without taking away useful capability. I don't
> think that forbidding use of services altogether is a good thing.
> So that seems to tilt the decision towards exposing the conninfo_parse
> function. Joe, do you want to have a go at it, or shall I?

Agreed. I'll take a stab at it.


Sent via pgsql-hackers mailing list (
To make changes to your subscription:

No comments: