Re: dblink connection security

From: Joe Conway
Subject: Re: dblink connection security
Msg-id 4687DC69.4020100@joeconway.com
In response to: dblink connection security  (Robert Treat <xzilla@users.sourceforge.net>)
Responses: Re: dblink connection security
List: pgsql-patches
Robert Treat wrote:
> Patch based on recent -hackers discussions, it removes usage from public, and
> adds a note to the documentation about why this is necessary.
>

I agree with the fix as the simplest and most sensible approach, and in
general with the doc change, but I'm not inclined to reference the
security paper. Maybe something like:

    As a security precaution, dblink revokes access from PUBLIC role
    usage for the dblink_connect functions. It is not safe to allow
    remote users to execute dblink from a database in a PostgreSQL
    installation that allows local account access using the "trust"
    authentication method. In that case, remote users could gain
    access to other accounts via dblink. If "trust" authentication
    is disabled, this is no longer an issue.

I suppose this ought to be applied back through the 7.3 branch?


Joe
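
The condition named in the proposed doc text, "trust" authentication for local account access, can be checked by reading pg_hba.conf. The following is an added example, not code from this thread or from the dblink patch: it flags "trust" rules that a connection opened from the server host itself could match. The sample file, the function names and the `server_addrs` parameter are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                    METHOD
local   all       all                              trust
host    all       all   127.0.0.1/32               trust
host    all       all   ::1/128                    md5
host    all       all   10.0.0.0/8                 trust
host    all       all   127.0.0.1 255.255.255.255  trust
hostssl all       all   0.0.0.0/0                  trust
"""

def _is_bare_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _reaches_server(fields, server_ips):
    """Can this host-type rule match a connection the server opens to itself?"""
    addr = fields[3]
    if addr in ("all", "samehost", "samenet"):
        return True
    spec = f"{addr}/{fields[4]}" if _is_bare_ip(addr) else addr
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return True  # host name or unparsed mask: cannot rule it out, so flag it
    return any(ip.version == net.version and ip in net for ip in server_ips)

def find_local_trust(hba_text, server_addrs=("127.0.0.1", "::1")):
    """Return (line number, rule) for each "trust" rule usable from the server host."""
    server_ips = [ipaddress.ip_address(a) for a in server_addrs]
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if len(fields) < 4 or not (fields[0] == "local" or fields[0].startswith("host")):
            continue
        is_socket = fields[0] == "local"
        method_at = 3 if is_socket else (5 if _is_bare_ip(fields[3]) else 4)
        if len(fields) <= method_at or fields[method_at] != "trust":
            continue
        if is_socket or _reaches_server(fields, server_ips):
            findings.append((lineno, " ".join(fields)))
    return findings
```

Pass the server's own non-loopback addresses in `server_addrs` so that ranges such as `10.0.0.0/8` are judged against them; with the defaults only Unix-socket and loopback rules are considered local.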
