postgresql/doc
Jeff Davis 5c31669058 Re-validate connection string in libpqrcv_connect().

A superuser may create a subscription with password_required=true, but
which uses a connection string without a password.

Previously, if the owner of such a subscription was changed to a
non-superuser, the non-superuser was able to utilize a password from
another source (like a password file or the PGPASSWORD environment
variable), which should not have been allowed.

This commit adds a step to re-validate the connection string before
connecting.

Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16
2024-01-12 13:41:36 -08:00
src Re-validate connection string in libpqrcv_connect(). 2024-01-12 13:41:36 -08:00
KNOWN_BUGS
Makefile Remove distprep 2023-11-06 15:18:04 +01:00
MISSING_FEATURES
TODO Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00