The original patch to disallow non-passworded connections to non-superusers

Tom Lane <tgl@sss.pgh.pa.us>

Commit: 919c9f6cceeae8468672462a23eab470e18ceda0
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2008-01-03T21:27:59Z
Releases: 8.3.0
The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink.
Plug the remaining holes.  Also, disallow transient connections in functions
for which that feature makes no sense (because they are only sensible as
part of a sequence of operations on the same connection).  Joe Conway

Security: CVE-2007-6601

Files

PathChange+/−
contrib/dblink/dblink.c modified +40 −38
contrib/dblink/expected/dblink.out modified +37 −0
contrib/dblink/sql/dblink.sql modified +9 −0