PostgreSQL Chinese Operation Guide

dblink_connect_u — opens a persistent connection to a remote database, insecurely

Synopsis

dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text

Description

dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a ~/.pgpass file belonging to the server's user. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care. It is also recommended that any ~/.pgpass file belonging to the server's user not contain any records specifying a wildcard host name.
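An added example, not part of the PostgreSQL documentation, for the last recommendation above: a Python audit that lists the records in a .pgpass file whose host field is the wildcard `*`. The function names and the sample records are constructed for illustration.

```python
"""Audit a .pgpass file for records whose host field is the wildcard '*'."""


def split_fields(line):
    """Split one record on unescaped ':'; a backslash escapes ':' and '\\'."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]          # keep the escape pair as written
            i += 2
        elif line[i] == ":" and len(fields) < 4:
            fields.append(cur)            # host, port, database, username
            cur = ""
            i += 1
        else:
            cur += line[i]                # after 4 splits the rest is the password
            i += 1
    fields.append(cur)
    return fields


def wildcard_host_records(text):
    """Return (line_no, port, database, user) for each wildcard-host record."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = split_fields(line)
        if len(fields) != 5:
            continue                      # not a complete record
        host, port, database, user, _password = fields
        if host == "*":                   # a raw "\*" is treated as a literal here
            hits.append((line_no, port, database, user))
    return hits


# Constructed sample content; passwords are placeholders.
SAMPLE = "\n".join([
    "# hostname:port:database:username:password",
    "db1.internal.example:5432:app:svc_app:placeholder-1",
    "*:5432:*:postgres:placeholder-2",
    r"\*:5432:app:svc_app:placeholder-3",
])

if __name__ == "__main__":
    # Never print the password field; report only what is needed to fix the record.
    for line_no, port, database, user in wildcard_host_records(SAMPLE):
        print(f"line {line_no}: wildcard host (port={port} db={database} user={user})")
```

To audit a real server, pass the contents of the ~/.pgpass file belonging to the operating-system user that runs PostgreSQL in place of `SAMPLE`.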

For further details see dblink_connect().