Fix dblink_connect() so that it verifies that a password is supplied in the
Tom Lane <tgl@sss.pgh.pa.us>
Fix dblink_connect() so that it verifies that a password is supplied in the conninfo string *before* trying to connect to the remote server, not after. As pointed out by Marko Kreen, in certain not-very-plausible situations this could result in sending a password from the postgres user's .pgpass file, or other places that non-superusers shouldn't have access to, to an untrustworthy remote server. The cleanest fix seems to be to expose libpq's conninfo-string-parsing code so that dblink can check for a password option without duplicating the parsing logic. Joe Conway, with a little cleanup by Tom Lane
Files
| Path | Change | +/− |
|---|---|---|
| contrib/dblink/dblink.c | modified | +47 −2 |
| doc/src/sgml/dblink.sgml | modified | +10 −3 |
| doc/src/sgml/libpq.sgml | modified | +104 −35 |
| src/interfaces/libpq/exports.txt | modified | +2 −1 |
| src/interfaces/libpq/fe-connect.c | modified | +56 −6 |
| src/interfaces/libpq/libpq-fe.h | modified | +7 −3 |