On Tue, 2008-07-22 at 11:25 -0400, Tom Lane wrote:
> "Marko Kreen" <[EMAIL PROTECTED]> writes:
> > And user can execute only pre-determined queries/functions on system2.
>
> If that were actually the case then the security issue wouldn't loom
> quite so large, but the dynamic_query example in the plproxy regression
> tests provides a perfect example of how to ruin your security.

The idea is to allow the pl/proxy user only access to the needed
functions and nothing else on the remote db side.

dynamic_query ruins your security, if your pl/proxy remote user has too
many privileges.

> > Do you still see a big hole?
>
> Truck-sized, at least.
>
> The complaint here is not that it's impossible to use plproxy securely;
> the complaint is that it's so very easy to use it insecurely.

You mean "easy" like it is very easy to always use your OS as root?

On Unix this is fixed by stating it as a bad idea in docs (and numerous
books), on Windows you have a "privileged" checkbox when creating new
users.

---------------
Hannu
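
An added example, not part of the original message and not PL/Proxy's own code: one way to set up the remote database so that the login PL/Proxy connects as can call only named functions. The role, schema, table and function names are hypothetical, and a current PostgreSQL release is assumed.

```sql
-- Run on the remote database (system2 in the thread).
-- All names below are hypothetical, chosen for this example.

-- The login PL/Proxy connects as: no superuser, no DDL-related attributes.
CREATE ROLE plproxy_remote LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Data lives in a schema the proxy role is never granted.
CREATE SCHEMA app;
CREATE TABLE app.users (
    username text PRIMARY KEY,
    email    text,
    pw_hash  text
);

-- The callable surface lives in its own schema.
CREATE SCHEMA api;

-- A pre-determined query: the SQL is fixed, the caller supplies only a value.
-- SECURITY DEFINER lets it read app.users on the caller's behalf; the pinned
-- search_path keeps name resolution inside the function under the owner's control.
CREATE FUNCTION api.get_user_email(i_username text) RETURNS text
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT email FROM app.users WHERE username = i_username
$$;

-- New schemas and tables grant nothing to PUBLIC, but new functions grant
-- EXECUTE to PUBLIC by default, so revoke that before granting narrowly.
REVOKE ALL ON FUNCTION api.get_user_email(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA api TO plproxy_remote;
GRANT EXECUTE ON FUNCTION api.get_user_email(text) TO plproxy_remote;

-- Audit what the role actually holds: the intent is EXECUTE on the one
-- function and no direct access to the schema or table behind it.
SELECT has_function_privilege('plproxy_remote',
                              'api.get_user_email(text)', 'EXECUTE') AS can_call,
       has_schema_privilege('plproxy_remote', 'app', 'USAGE')       AS can_use_app,
       has_table_privilege('plproxy_remote', 'app.users', 'SELECT') AS can_read_users;
```

A function that executes caller-supplied SQL text, as the dynamic_query example discussed above does, runs that text with whatever privileges are in effect: the calling role's own, or the owner's if the function is SECURITY DEFINER.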