1DBLINK_CONNECT_U(3)      PostgreSQL 13.4 Documentation     DBLINK_CONNECT_U(3)
2
3
4

NAME

6       dblink_connect_u - opens a persistent connection to a remote database,
7       insecurely
8

SYNOPSIS

10       dblink_connect_u(text connstr) returns text
11       dblink_connect_u(text connname, text connstr) returns text
12

DESCRIPTION

14       dblink_connect_u() is identical to dblink_connect(), except that it
15       will allow non-superusers to connect using any authentication method.
16
17       If the remote server selects an authentication method that does not
18       involve a password, then impersonation and subsequent escalation of
19       privileges can occur, because the session will appear to have
20       originated from the user as which the local PostgreSQL server runs.
21       Also, even if the remote server does demand a password, it is possible
22       for the password to be supplied from the server environment, such as a
23       ~/.pgpass file belonging to the server's user. This opens not only a
24       risk of impersonation, but the possibility of exposing a password to an
25       untrustworthy remote server. Therefore, dblink_connect_u() is initially
26       installed with all privileges revoked from PUBLIC, making it
27       un-callable except by superusers. In some situations it may be
28       appropriate to grant EXECUTE permission for dblink_connect_u() to
29       specific users who are considered trustworthy, but this should be done
30       with care. It is also recommended that any ~/.pgpass file belonging to
31       the server's user not contain any records specifying a wildcard host
32       name.
33
34       For further details see dblink_connect().
35
36
37
38PostgreSQL 13.4                      2021                  DBLINK_CONNECT_U(3)
Impressum