'\" t .\" Title: dblink_connect_u .\" Author: The PostgreSQL Global Development Group .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 2023 .\" Manual: PostgreSQL 15.4 Documentation .\" Source: PostgreSQL 15.4 .\" Language: English .\" .TH "DBLINK_CONNECT_U" "3" "2023" "PostgreSQL 15.4" "PostgreSQL 15.4 Documentation" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dblink_connect_u \- opens a persistent connection to a remote database, insecurely .SH "SYNOPSIS" .sp .nf dblink_connect_u(text connstr) returns text dblink_connect_u(text connname, text connstr) returns text .fi .SH "DESCRIPTION" .PP \fBdblink_connect_u()\fR is identical to \fBdblink_connect()\fR, except that it will allow non\-superusers to connect using any authentication method\&. .PP If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs\&. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a ~/\&.pgpass file belonging to the server\*(Aqs user\&. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server\&. Therefore, \fBdblink_connect_u()\fR is initially installed with all privileges revoked from PUBLIC, making it un\-callable except by superusers\&. In some situations it may be appropriate to grant EXECUTE permission for \fBdblink_connect_u()\fR to specific users who are considered trustworthy, but this should be done with care\&. It is also recommended that any ~/\&.pgpass file belonging to the server\*(Aqs user \fInot\fR contain any records specifying a wildcard host name\&. .PP For further details see \fBdblink_connect()\fR\&.