Обсуждение: DBLink's default user: postgres
Is this the regular behavior on DBLink?<br /><br />rot=> SELECT user, current_database();<br /> current_user | current_database<br/>--------------+------------------<br /> sa_rot | rot<br />(1 registro)<br /><br />rot=> SELECT* <br />rot-> FROM dblink('dbname=escola',<br />rot(> 'SELECT user, current_database()')<br />rot-> AS (usrname, db name);<br /> usr | db<br />----------+--------<br /> postgres | escola<br />(1 registro) <br /><br />Thisway, I fear DBLink functions should become a vulnerability issue on my database.<br />Is there any way to protect oroverride this setting? Or it should be done on pg_hba.conf only?<br clear="all" /><br />-- <br />Regards, <br /><br />RodrigoHjort<br /><a href="http://icewall.org/~hjort">http://icewall.org/~hjort</a><br /><br />
Rodrigo Hjort wrote: > Is this the regular behavior on DBLink? > > rot=> SELECT user, current_database(); > current_user | current_database > --------------+------------------ > sa_rot | rot > (1 registro) > > rot=> SELECT * > rot-> FROM dblink('dbname=escola', > rot(> 'SELECT user, current_database()') > rot-> AS (usr name, db name); > usr | db > ----------+-------- > postgres | escola > (1 registro) > > This way, I fear DBLink functions should become a vulnerability issue > on my database. > Is there any way to protect or override this setting? Or it should be > done on pg_hba.conf only? This issue has been thoroughly discussed before. You can read more about it in f.ex these threads: http://archives.postgresql.org/pgsql-hackers/2007-06/msg00678.php http://archives.postgresql.org/pgsql-patches/2007-07/msg00000.php -- Tommy Gildseth