Robert Haas wrote:
> On Wed, Jul 26, 2017 at 5:38 AM, Ashutosh Bapat
> <ashutosh.bapat@enterprisedb.com> wrote:
> > According to F.34.1.1 at [1] passing connection string as dbname
> > option should work, so your question is valid. I am not aware of any
> > discussion around this on hackers. Comments in connect_pg_server()
> > don't help either. But I guess, we expect users to set up individual
> > foreign server and user mapping options instead of putting those in a
> > connection string. I can not think of any reason except that it
> > improves readability. If postgres_fdw wants to take certain actions
> > based on the values of individual options, having them separate is
> > easier to handle than parsing them out of a connection string.
> >
> > Any way, if we are not going to change current behaviour, we should
> > change the documentation and say that option dbname means "database
> > name" and not a connection string.
>
> I kind of wonder if this had some security aspect to it? But not sure.
Yeah, me too. As I recall, if the flag is not set, parameters set by
the FDW server earlier in the conninfo can be changed by params that
appear in the dbname. Offhand I can't see any obvious security
implications, but then I've not thought about it very hard.
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services