forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commitab3f008
committed
postgres_fdw: Judge password use by run-as user, not session user.
This is a backward incompatibility which should be noted in therelease notes for PostgreSQL 11.For security reasons, we require that a postgres_fdw foreign table usepassword authentication when accessing a remote server, so that anunprivileged user cannot usurp the server's credentials. Superusersare exempt from this requirement, because we assume they are entitledto usurp the server's credentials or, at least, can find some otherway to do it.But what should happen when the foreign table is accessed by a viewowned by a user different from the session user? Is it the view ownerthat must be a superuser in order to avoid the requirement of using apassword, or the session user? Historically it was the latter, butthis requirement makes it the former instead. This allows superusersto delegate to other users the right to select from a foreign tablethat doesn't use password authentication by creating a view over theforeign table and handing out rights to the view. It is also moreconsistent with the idea that access to a view should use the viewowner's privileges rather than the session user's privileges.The upshot of this change is that a superuser selecting from a viewcreated by a non-superuser may now get an error complaining that nopassword was used, while a non-superuser selecting from a viewcreated by a superuser will no longer receive such an error.No documentation changes are present in this patch because thewording of the documentation already suggests that it works thisway. We should perhaps adjust the documentation in the back-branches,but that's a task for another patch.Originally proposed by Jeff Janes, but with different semantics;adjusted to work like this by me per discussion.Discussion:http://postgr.es/m/CA+TgmoaY4HsVZJv5SqEjCKLDwtCTSwXzKpRftgj50wmMMBwciA@mail.gmail.com1 parentc572599 commitab3f008
1 file changed
+5
-5
lines changedLines changed: 5 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
75 | 75 | | |
76 | 76 | | |
77 | 77 | | |
78 | | - | |
| 78 | + | |
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
| |||
261 | 261 | | |
262 | 262 | | |
263 | 263 | | |
264 | | - | |
| 264 | + | |
265 | 265 | | |
266 | 266 | | |
267 | 267 | | |
| |||
276 | 276 | | |
277 | 277 | | |
278 | 278 | | |
279 | | - | |
| 279 | + | |
280 | 280 | | |
281 | 281 | | |
282 | 282 | | |
| |||
322 | 322 | | |
323 | 323 | | |
324 | 324 | | |
325 | | - | |
| 325 | + | |
326 | 326 | | |
327 | 327 | | |
328 | 328 | | |
329 | 329 | | |
330 | | - | |
| 330 | + | |
331 | 331 | | |
332 | 332 | | |
333 | 333 | | |
| |||
0 commit comments
Comments
(0)