Обсуждение: Is postgres_fdw "safe"?

Поиск
Список
Период
Сортировка

Is postgres_fdw "safe"?

От
Marcin Borkowski
Дата:
Hello,

I noticed that the docs for postgres_fdw lack the clause about it being
"trusted".  Does that mean that `create extension postgres_fdw` poses
any known security risks?  If so, what should I do to minimize them?

TIA,

-- 
Marcin Borkowski
http://mbork.pl

Re: Is postgres_fdw "safe"?

От
Ron
Дата:
On 10/20/23 03:29, Marcin Borkowski wrote:
> Hello,
>
> I noticed that the docs for postgres_fdw lack the clause about it being
> "trusted".  Does that mean that `create extension postgres_fdw` poses
> any known security risks?  If so, what should I do to minimize them?

I think a better question to ask is if extensions are implicitly trusted 
unless explicitly marked untrusted.

-- 
Born in Arizona, moved to Babylonia.

Re: Is postgres_fdw "safe"?

От
Tom Lane
Дата:
Marcin Borkowski <mbork@mbork.pl> writes:
> I noticed that the docs for postgres_fdw lack the clause about it being
> "trusted".  Does that mean that `create extension postgres_fdw` poses
> any known security risks?  If so, what should I do to minimize them?

It's a definitional question I guess.  We don't mark anything trusted
if it can be used to cause outside-the-database effects; and in this
case the ability to connect to other databases qualifies as that.

            regards, tom lane

Сайт использует файлы cookie для корректной работы и повышения удобства. Нажимая кнопку «Принять» или продолжая пользоваться сайтом, вы соглашаетесь на их использование в соответствии с Политикой в отношении обработки cookie ООО «ППГ», в том числе на передачу данных из файлов cookie сторонним статистическим и рекламным службам. Вы можете управлять настройками cookie через параметры вашего браузера