The original patch to disallow non-passworded connections to non-superusers

Tom Lane <tgl@sss.pgh.pa.us>

Commit: 58c7bef91386eba1ebb766413f33d4fe90b0948a
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2008-01-03T21:28:18Z
Releases: 8.2.6
The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink.
Plug the remaining holes.  Also, disallow transient connections in functions
for which that feature makes no sense (because they are only sensible as
part of a sequence of operations on the same connection).  Joe Conway

Security: CVE-2007-6601

Files

PathChange+/−
contrib/dblink/dblink.c modified +45 −44
contrib/dblink/expected/dblink.out modified +37 −0
contrib/dblink/sql/dblink.sql modified +9 −0