Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>
Cc: Robert Haas <robertmhaas@gmail.com>,
Christoph Berg <myon@debian.org>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2020-01-09T22:00:59Z
Lists: pgsql-hackers
> On 9 Jan 2020, at 22:38, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote: > I'm not (yet) > convinced that there is any significant security threat here. This > doesn't give the user or indeed any postgres code any access to the > contents of these files. But if there is a consensus to restrict this > I'll do it. I've seen successful exploits made from parts that I in my wildest imagination couldn't think be useful, so FWIW +1 for adding belts to suspenders and restricting this. cheers ./daniel
Commits
-
Only superuser can set sslcert/sslkey in postgres_fdw user mappings
- cebf9d6e6ee1 13.0 landed