Re: [patch] fix dblink security hole

Tommy Gildseth wrote:
> Tom Lane wrote:
>> Okay.  I just committed the patch without that change, but I'll go back
>> and add it.
> 
> I'm not quite sure I fully understand the consequence of this change. 
> Does it basically mean that it's not possible to use .pgpass with dblink 
> for authentication?

It only applies to 8.4 (which is not yet released) and beyond.

dblink will still work as before for superusers.

> The alternative then would be to hardcode the password in your stored 
> procedures, or store it in a separate table somehow?

Trusted non-superusers can be granted permission to use dblink_connect_u().

Joe