* Florian Pflug ([EMAIL PROTECTED]) wrote: > Gregory Stark wrote: > >All that really has to happen is that dblink should by default not be > >callable > >by any user other than Postgres. DBAs should be required to manually run > >"GRANT EXECUTE ON dblink_connect(text) TO public;" if that's what he wants. > > That serves the purpose of making PG "secure by default" (whatever that > means > exactly) well, and surely is a good short-term solution. > But it severely limits the usefulness of dblink on setup where PG uses > ident auth either via TCP or unix-sockets - there seems to be no way to > securely users use dblink in such a setup.
Uh, have the admin create appropriate views.
> Therefore I think there should be a ToDO
> "Explore how dblink can be made safe if used together with ident
> authentication"
> or something similar.
I disagree. What dblink *does* is insecure and in general *shouldn't*
be something regular users can do. That goes well and beyond just the
ident case, imv, but it's handy thing to point to atm.
> The ideal solution would IMHO be to authenticate a user using dblink as
> the user he used to connect to PG in the first place - but since ident is
> handled outside of PG that might be impossible to archive without some
> really bad hacks. So maybe just finding a way to disable ident auth for
> connections made via dblink is sufficient.
erm, this isn't dblink anymore, this is cross-database stuff that should
be done completely differently from dblink, if it's going to be done at
all.
Thanks,
Stephen
signature.asc
Description: Digital signature
