On 2/5/15 10:48 AM, Tom Lane wrote:
Stephen Frost<sfr...@snowman.net> writes:
>* Robert Haas (robertmh...@gmail.com) wrote:
>>On Thu, Feb 5, 2015 at 10:48 AM, Stephen Frost<sfr...@snowman.net> wrote:
>>>And I thought this was about FDW options and not about dblink, really..
>>The OP is pretty clearly asking about dblink.
>I was just pointing out that it was an issue that all FDWs suffer from,
>since we don't have any way for an FDW to say "don't show this option",
>as discussed.
The dblink example is entirely uncompelling, given that as you said
somebody with access to a dblink connection could execute ALTER USER on
the far end.
Actually, you can eliminate that by not granting direct access to dblink
functions. Instead you create a SECURITY DEFINER function that sanity
checks the SQL you're trying to run and rejects things like ALTER USER.
While you're doing that, you can also lock away the connection
information. A former coworker actually built a system that does this,
at least to a limited degree.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers