"Robert Treat" <[EMAIL PROTECTED]> writes: >> In particular Postgres's "trust" authentication is one such system. It >> authenticates connecting users based on the unix userid of the process >> forming the connection. In typical configurations any user who is granted >> execute access to dblink can form connections as the "postgres" user which >> is the database super-user. If "trust" authentication is disabled this is >> no longer an issue. > > Did you mean s/trust/ident/g, otherwise I don't think I understand the > above... granted the combination of trust for localhost does open a door > for remote users if they have access to dblink, but I don't think that's what > you were trying to say.
Er quite right. Moreover it's not even true that ``"if "ident" authentication is disabled this is no longer an issue''. It's still possible to have other restrictions in pg_hba which dblink would allow you to circumvent. That sentence is too generous of a promise. -- Gregory Stark EnterpriseDB http://www.enterprisedb.com ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
