Re: [patch] fix dblink security hole

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: [patch] fix dblink security hole
Дата
Msg-id 11293.1222084303@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: [patch] fix dblink security hole  (Joe Conway <mail@joeconway.com>)
Ответы Re: [patch] fix dblink security hole
Список pgsql-hackers
Joe Conway <mail@joeconway.com> writes:
> Tom Lane wrote:
>> What do you think about getting rid of the password_from_string state
>> variable?  It was always a bit of a kluge, and we don't seem to need
>> it anymore with this approach.

> It is still used in PQconnectionUsedPassword(). That is still needed to 
> prevent a non-superuser from logging in as the superuser if the server 
> does not require authentication.

No, the test to see if the server actually *asked* for the password is
the important part at that end.
        regards, tom lane


В списке pgsql-hackers по дате отправления:

Предыдущее
От: "Oleg Serov"
Дата:
Сообщение: HOWTO: FK: BIGINT[] -> BIGINT(Theoreticaly AnyElem[] -> AnyElem)
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Toasted table not deleted when no out of line columns left