Re: dblink: Add SCRAM pass-through authentication
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Matheus Alcantara <matheusssilv97@gmail.com>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-03-26T10:41:18Z
Lists: pgsql-hackers
On 24.03.25 21:33, Matheus Alcantara wrote: >> I'm a bit confused about the refactoring patch 0001. There are some >> details there that don't seem right. For example, you write that the >> pfree(rconn) calls are no longer necessary, but AFAICT, it would still >> be needed in dblink_get_conn(). Also, there appear to be some possible >> behavior changes, or at least it's not fully explained, like >> connect_pg_server() doing foreign-server name resolution, which >> dblink_get_conn() did not do before. >> >> But it's actually not clear to me how the refactoring in 0001 >> contributes to making the patch 0002 better, since patch 0002 barely >> touches the code touched by 0001. >> >> How would patch 0002 look without 0001 before it? Which code would need >> to be duplicated or what other awkward changes are you trying to avoid? > You are right, I think that the refactor was needed on the initial > versions of the patch because it was referencing the UseScramPassthrough > function in multiple places, so the refactor was needed to accomplish the > parameters of the function. > > Since we now assume that the UseScramPassthrough is already checked on > some parts of the code I agree that this refactor is not required > anymore. Attached v11 without the refactor patch. Committed. I cut down the documentation a bit and instead linked to postgres_fdw for some of the details. I think that's better than having to maintain that text in two different places.
Commits
-
dblink: SCRAM authentication pass-through
- 3642df265d09 18.0 landed
-
postgres_fdw: improve security checks
- 76563f88cfbd 18.0 landed