Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Christoph Berg <myon@debian.org>
From: Christoph Berg <myon@debian.org>
To: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-01-09T10:45:11Z
Lists: pgsql-hackers
Re: To Andrew Dunstan 2020-01-09 <20200109103014.GA4192@msg.df7cb.de> > sslcert/sslkey options can only be set/modified by superusers when > "password_required" is set. But when password_required is not set, any > user and create user mappings that reference arbitrary files on the > server filesystem. (A nice addition here which would avoid the problems would be the possibility to pass in the certificates as strings, but that needs support in libpq.) Christoph
Commits
-
Only superuser can set sslcert/sslkey in postgres_fdw user mappings
- cebf9d6e6ee1 13.0 landed