Re: Bugtraq: Having Fun With PostgreSQL

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Bugtraq: Having Fun With PostgreSQL
Дата
Msg-id 28568.1182891373@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Bugtraq: Having Fun With PostgreSQL  (Gregory Stark <stark@enterprisedb.com>)
Ответы Re: Bugtraq: Having Fun With PostgreSQL  (Stephen Frost <sfrost@snowman.net>)
Re: Bugtraq: Having Fun With PostgreSQL  (Gregory Stark <stark@enterprisedb.com>)
Re: Bugtraq: Having Fun With PostgreSQL  (Andrew Dunstan <andrew@dunslane.net>)
Re: Bugtraq: Having Fun With PostgreSQL  (Jeremy Drake <pgsql@jdrake.com>)
Список pgsql-hackers
Дерево обсуждения 
Gregory Stark <stark@enterprisedb.com> writes:
> All that really has to happen is that dblink should by default not be
> callable by any user other than Postgres.

Yeah, that is not an unreasonable change.  Someone suggested it far
upthread, but we seem to have gotten distracted :-(

> The only problem with this is that dblink provides 36 different functions

I think just having the install script revoke public execute access
on the connection-establishing functions would be sufficient.  There
are only two of 'em.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Bgwriter LRU cleaning: we've been going at this all wrong
Следующее
От: Greg Smith
Дата:
Сообщение: Re: Bgwriter LRU cleaning: we've been going at this all wrong