Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DBLINK_CONNECT_U(3)	PostgreSQL 9.6.19 Documentation	   DBLINK_CONNECT_U(3)

NAME
       dblink_connect_u	- opens	a persistent connection	to a remote database,
       insecurely

SYNOPSIS
       dblink_connect_u(text connstr) returns text
       dblink_connect_u(text connname, text connstr) returns text

DESCRIPTION
       dblink_connect_u() is identical to dblink_connect(), except that	it
       will allow non-superusers to connect using any authentication method.

       If the remote server selects an authentication method that does not
       involve a password, then	impersonation and subsequent escalation	of
       privileges can occur, because the session will appear to	have
       originated from the user	as which the local PostgreSQL server runs.
       Also, even if the remote	server does demand a password, it is possible
       for the password	to be supplied from the	server environment, such as a
       ~/.pgpass file belonging	to the server's	user. This opens not only a
       risk of impersonation, but the possibility of exposing a	password to an
       untrustworthy remote server. Therefore, dblink_connect_u() is initially
       installed with all privileges revoked from PUBLIC, making it
       un-callable except by superusers. In some situations it may be
       appropriate to grant EXECUTE permission for dblink_connect_u() to
       specific	users who are considered trustworthy, but this should be done
       with care. It is	also recommended that any ~/.pgpass file belonging to
       the server's user not contain any records specifying a wildcard host
       name.

       For further details see dblink_connect().

PostgreSQL 9.6.19		     2020		   DBLINK_CONNECT_U(3)

NAME | SYNOPSIS | DESCRIPTION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=dblink_connect_u&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help