]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 579c025) | patch
Fix dblink_connect() so that it verifies that a password is supplied in the
authorTom Lane <tgl@sss.pgh.pa.us>
Mon, 22 Sep 2008 13:55:14 +0000 (13:55 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Mon, 22 Sep 2008 13:55:14 +0000 (13:55 +0000)
commitcae7ad906a0337120afe856b0a76b03b8ffc7440
treeed5c181dfee6f69d46ecff8eaeaef77035c0466btree | snapshot
parent579c025e5fc8d3cc42fc65e1b23da20c9c9f4866commit | diff
Fix dblink_connect() so that it verifies that a password is supplied in the
conninfo string *before* trying to connect to the remote server, not after.
As pointed out by Marko Kreen, in certain not-very-plausible situations
this could result in sending a password from the postgres user's .pgpass file,
or other places that non-superusers shouldn't have access to, to an
untrustworthy remote server.  The cleanest fix seems to be to expose libpq's
conninfo-string-parsing code so that dblink can check for a password option
without duplicating the parsing logic.

Joe Conway, with a little cleanup by Tom Lane
contrib/dblink/dblink.c diff | blob | history
doc/src/sgml/dblink.sgml diff | blob | history
doc/src/sgml/libpq.sgml diff | blob | history
src/interfaces/libpq/exports.txt diff | blob | history
src/interfaces/libpq/fe-connect.c diff | blob | history
src/interfaces/libpq/libpq-fe.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.