Re: pgsql: Superuser can permit passwordless connections on postgres_fdw
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, pgsql-hackers@lists.postgresql.org
Date: 2019-12-21T02:18:06Z
Lists: pgsql-hackers
On Fri, Dec 20, 2019 at 02:42:22PM -0500, Tom Lane wrote: > Concretely, I think we ought to do (and back-patch) the attached. Thanks for the fix, I have not been able to look at that. > I notice in testing this that the "nosuper" business added by > 6136e94dc is broken in more ways than what the buildfarm is > complaining about: it leaves the role around at the end of the > test. That's a HUGE violation of project policy, for security > reasons as well as the fact that it makes it impossible to run > "make installcheck" twice without getting different results. Roles left behind at the end of a test are annoying. Here is an idea: make pg_regress check if any roles prefixed by "regress_" are left behind at the end of a test. This will not work until test_pg_dump is cleaned up, just a thought. -- Michael
Commits
-
Adjust test case added by commit 6136e94dc.
- 0af0504da91e 13.0 landed
-
libpq should expose GSS-related parameters even when not implemented.
- d09cfa3e2874 10.12 landed
- c11bd6c10fe5 9.6.17 landed
- 875c7d70def6 9.4.26 landed
- 5e22a111185c 9.5.21 landed
- 1a77ea02dca5 11.7 landed
- e8f60e6fe206 12.2 landed
- e60b480d39ee 13.0 landed
-
Superuser can permit passwordless connections on postgres_fdw
- 6136e94dcb88 13.0 cited