aboutsummaryrefslogtreecommitdiff
path: root/contrib/dblink/dblink.sql.in
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/dblink/dblink.sql.in')
-rw-r--r--contrib/dblink/dblink.sql.in18
1 files changed, 18 insertions, 0 deletions
diff --git a/contrib/dblink/dblink.sql.in b/contrib/dblink/dblink.sql.in
index e99ea05ec78..b6e8f55ab81 100644
--- a/contrib/dblink/dblink.sql.in
+++ b/contrib/dblink/dblink.sql.in
@@ -1,3 +1,5 @@
+-- dblink_connect now restricts non-superusers to password
+-- authenticated connections
CREATE OR REPLACE FUNCTION dblink_connect (text)
RETURNS text
AS 'MODULE_PATHNAME','dblink_connect'
@@ -8,6 +10,22 @@ RETURNS text
AS 'MODULE_PATHNAME','dblink_connect'
LANGUAGE C STRICT;
+-- dblink_connect_u allows non-superusers to use
+-- non-password authenticated connections, but initially
+-- privileges are revoked from public
+CREATE OR REPLACE FUNCTION dblink_connect_u (text)
+RETURNS text
+AS 'MODULE_PATHNAME','dblink_connect'
+LANGUAGE C STRICT SECURITY DEFINER;
+
+CREATE OR REPLACE FUNCTION dblink_connect_u (text, text)
+RETURNS text
+AS 'MODULE_PATHNAME','dblink_connect'
+LANGUAGE C STRICT SECURITY DEFINER;
+
+REVOKE ALL ON FUNCTION dblink_connect_u (text) FROM public;
+REVOKE ALL ON FUNCTION dblink_connect_u (text, text) FROM public;
+
CREATE OR REPLACE FUNCTION dblink_disconnect ()
RETURNS text
AS 'MODULE_PATHNAME','dblink_disconnect'
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 07:39:15 +0000