rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/contrib
History
Robert Haas ab3f008a2d postgres_fdw: Judge password use by run-as user, not session user. 
This is a backward incompatibility which should be noted in the
release notes for PostgreSQL 11.

For security reasons, we require that a postgres_fdw foreign table use
password authentication when accessing a remote server, so that an
unprivileged user cannot usurp the server's credentials.  Superusers
are exempt from this requirement, because we assume they are entitled
to usurp the server's credentials or, at least, can find some other
way to do it.

But what should happen when the foreign table is accessed by a view
owned by a user different from the session user?  Is it the view owner
that must be a superuser in order to avoid the requirement of using a
password, or the session user?  Historically it was the latter, but
this requirement makes it the former instead.  This allows superusers
to delegate to other users the right to select from a foreign table
that doesn't use password authentication by creating a view over the
foreign table and handing out rights to the view.  It is also more
consistent with the idea that access to a view should use the view
owner's privileges rather than the session user's privileges.

The upshot of this change is that a superuser selecting from a view
created by a non-superuser may now get an error complaining that no
password was used, while a non-superuser selecting from a view
created by a superuser will no longer receive such an error.

No documentation changes are present in this patch because the
wording of the documentation already suggests that it works this
way.  We should perhaps adjust the documentation in the back-branches,
but that's a task for another patch.

Originally proposed by Jeff Janes, but with different semantics;
adjusted to work like this by me per discussion.

Discussion: http://postgr.es/m/CA+TgmoaY4HsVZJv5SqEjCKLDwtCTSwXzKpRftgj50wmMMBwciA@mail.gmail.com
 		2017-12-05 11:33:24 -05:00
..
adminpack Clean up assorted messiness around AllocateDir() usage. 2017-12-04 17:02:56 -05:00
amcheck Minor code-cleanliness improvements for btree. 2017-09-18 16:36:28 -04:00
auth_delay Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
auto_explain Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
bloom Tighten test in contrib/bloom/t/001_wal.pl. 2017-11-10 12:30:01 -05:00
btree_gin Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
btree_gist Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
citext Disable multi-byte citext tests 2017-09-19 15:31:37 -04:00
cube Support index-only scans in contrib/cube and contrib/seg GiST indexes. 2017-11-20 20:25:18 -05:00
dblink Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
dict_int Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
dict_xsyn Add some const decorations to prototypes 2017-11-10 13:38:57 -05:00
earthdistance Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
file_fdw Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
fuzzystrmatch Update typedefs.list and re-run pgindent 2017-11-29 09:24:24 -05:00
hstore Avoid formally-undefined use of memcpy() in hstoreUniquePairs(). 2017-11-25 14:42:10 -05:00
hstore_plperl Make DatumGetFoo/PG_GETARG_FOO/PG_RETURN_FOO macro names more consistent. 2017-09-18 15:21:23 -04:00
hstore_plpython Consistently catch errors from Python _New() functions 2017-11-18 13:39:53 -05:00
intagg Schema-qualify some references to regprocedure. 2016-06-10 10:41:58 -04:00
intarray Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
isn Update typedefs.list and re-run pgindent 2017-11-29 09:24:24 -05:00
lo lo: Add test suite 2017-09-14 22:22:59 -04:00
ltree Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
ltree_plpython Consistently catch errors from Python _New() functions 2017-11-18 13:39:53 -05:00
oid2name Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
pageinspect Change tupledesc->attrs[n] to TupleDescAttr(tupledesc, n). 2017-08-20 11:19:07 -07:00
passwordcheck Simplify new test suite handling of passwordcheck 2017-11-02 12:57:04 -04:00
pg_buffercache Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
pg_freespacemap Default monitoring roles 2017-03-30 14:18:53 -04:00
pg_prewarm Add background worker type 2017-09-29 11:08:24 -04:00
pg_standby Fix assorted infelicities in new SetWALSegSize() function. 2017-09-24 12:05:06 -04:00
pg_stat_statements pg_stat_statements: Add a comment about the dangers of padding bytes. 2017-10-20 09:44:03 -04:00
pg_trgm Change TRUE/FALSE to true/false 2017-11-08 11:37:28 -05:00
pg_visibility Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
pgcrypto Add some const decorations to prototypes 2017-11-10 13:38:57 -05:00
pgrowlocks Teach pgrowlocks to check relkind before scanning 2017-06-21 23:19:13 -04:00
pgstattuple Minor code-cleanliness improvements for btree. 2017-09-18 16:36:28 -04:00
postgres_fdw postgres_fdw: Judge password use by run-as user, not session user. 2017-12-05 11:33:24 -05:00
seg Support index-only scans in contrib/cube and contrib/seg GiST indexes. 2017-11-20 20:25:18 -05:00
sepgsql Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
spi Document and use SPI_result_code_string() 2017-10-04 22:14:21 -04:00
sslinfo Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
start-scripts Remove contrib/start-scripts/osx/. 2017-11-17 12:53:20 -05:00
tablefunc Change tupledesc->attrs[n] to TupleDescAttr(tupledesc, n). 2017-08-20 11:19:07 -07:00
tcn Change tupledesc->attrs[n] to TupleDescAttr(tupledesc, n). 2017-08-20 11:19:07 -07:00
test_decoding Fix crash when logical decoding is invoked from a PL function. 2017-10-06 19:18:58 -04:00
tsm_system_rows Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
tsm_system_time Update copyright via script for 2017 2017-01-03 13:48:53 -05:00
unaccent Add some const decorations to prototypes 2017-11-10 13:38:57 -05:00
uuid-ossp Add some const decorations to prototypes 2017-11-10 13:38:57 -05:00
vacuumlo Initial pgindent run with pg_bsd_indent version 2.0. 2017-06-21 14:39:04 -04:00
xml2 Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
Makefile Remove contrib/chkpass 2017-09-22 11:49:48 -04:00
README Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00
contrib-global.mk Respect TEMP_CONFIG when pg_regress_check and friends are called 2016-02-27 12:28:21 -05:00

README 

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.