summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/man3/dblink_connect_u.3
blob: 07e753bd7506b5f99e3cdfc286738734ef8403e0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
'\" t
.\"     Title: dblink_connect_u
.\"    Author: The PostgreSQL Global Development Group
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 2024
.\"    Manual: PostgreSQL 16.3 Documentation
.\"    Source: PostgreSQL 16.3
.\"  Language: English
.\"
.TH "DBLINK_CONNECT_U" "3" "2024" "PostgreSQL 16.3" "PostgreSQL 16.3 Documentation"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dblink_connect_u \- opens a persistent connection to a remote database, insecurely
.SH "SYNOPSIS"
.sp
.nf
dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text
.fi
.SH "DESCRIPTION"
.PP
\fBdblink_connect_u()\fR
is identical to
\fBdblink_connect()\fR, except that it will allow non\-superusers to connect using any authentication method\&.
.PP
If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local
PostgreSQL
server runs\&. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a
~/\&.pgpass
file belonging to the server\*(Aqs user\&. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server\&. Therefore,
\fBdblink_connect_u()\fR
is initially installed with all privileges revoked from
PUBLIC, making it un\-callable except by superusers\&. In some situations it may be appropriate to grant
EXECUTE
permission for
\fBdblink_connect_u()\fR
to specific users who are considered trustworthy, but this should be done with care\&. It is also recommended that any
~/\&.pgpass
file belonging to the server\*(Aqs user
\fInot\fR
contain any records specifying a wildcard host name\&.
.PP
For further details see
\fBdblink_connect()\fR\&.