Fix dblink_connect() so that it verifies that a password is supplied in the

Tom Lane <tgl@sss.pgh.pa.us>

Commit: cae7ad906a0337120afe856b0a76b03b8ffc7440
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2008-09-22T13:55:14Z
Releases: 8.4.0
Fix dblink_connect() so that it verifies that a password is supplied in the
conninfo string *before* trying to connect to the remote server, not after.
As pointed out by Marko Kreen, in certain not-very-plausible situations
this could result in sending a password from the postgres user's .pgpass file,
or other places that non-superusers shouldn't have access to, to an
untrustworthy remote server.  The cleanest fix seems to be to expose libpq's
conninfo-string-parsing code so that dblink can check for a password option
without duplicating the parsing logic.

Joe Conway, with a little cleanup by Tom Lane

Files

PathChange+/−
contrib/dblink/dblink.c modified +47 −2
doc/src/sgml/dblink.sgml modified +10 −3
doc/src/sgml/libpq.sgml modified +104 −35
src/interfaces/libpq/exports.txt modified +2 −1
src/interfaces/libpq/fe-connect.c modified +56 −6
src/interfaces/libpq/libpq-fe.h modified +7 −3