Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings

Christoph Berg <myon@debian.org>

From: Christoph Berg <myon@debian.org>
To: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-01-09T10:45:11Z
Lists: pgsql-hackers
Re: To Andrew Dunstan 2020-01-09 <20200109103014.GA4192@msg.df7cb.de>
> sslcert/sslkey options can only be set/modified by superusers when
> "password_required" is set. But when password_required is not set, any
> user and create user mappings that reference arbitrary files on the
> server filesystem.

(A nice addition here which would avoid the problems would be the
possibility to pass in the certificates as strings, but that needs
support in libpq.)

Christoph



Commits

  1. Only superuser can set sslcert/sslkey in postgres_fdw user mappings