Re: dblink connection security

Robert Treat <xzilla@users.sourceforge.net> writes:
> Tom Lane wrote:
>> I like this approach better than removing public execute privileges
>> on the functions, for two reasons:

> I think this will break backwards compatability though.

Well, revoking public execute will break backwards compatibility too.

If you have a situation where you think it's safe to allow a
non-superuser to get at passwordless connections, you could wrap the
dblink_connect function in a postgres-owned SECURITY DEFINER function.
So either change can be worked around to get the old behavior if necessary.

            regards, tom lane