Re: dblink connection security

Joe Conway <mail@joeconway.com> writes:
> What about using the attached for 8.3, as well as earlier?

> It simply does not allow the local database user to become someone else
> on the libpq remote connection unless they are a superuser.

This assumes that usernames on the remote site are equivalent to those
locally.  Which is helpful for the sort of local-loop scenarios we've
been thinking about, but is hardly watertight even then (consider
multiple postmasters on one machine).  For remote connections it seems
counterproductive; you might as well say "you must be superuser" and
keep it simple.

            regards, tom lane