Only superuser can set sslcert/sslkey in postgres_fdw user mappings

Othrwise there is a security risk.

Discussion: https://postgr.es/m/20200109103014.GA4192@msg.df7cb.de

1 files changed, 5 insertions, 1 deletions

diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml
index 812e62cb363..94992be4272 100644
--- a/doc/src/sgml/postgres-fdw.sgml
+++ b/doc/src/sgml/postgres-fdw.sgml
@@ -130,7 +130,7 @@
      </listitem>
      <listitem>
       <para>
-       <literal>sslkey</literal> and <literal>sslpassword</literal> - these may
+       <literal>sslkey</literal> and <literal>sslcert</literal> - these may
        appear in <emphasis>either or both</emphasis> a connection and a user
        mapping. If both are present, the user mapping setting overrides the
        connection setting.
@@ -140,6 +140,10 @@
    </para>
 
    <para>
+    Only superusers may create or modify user mappings with the
+    <literal>sslcert</literal> or <literal>sslkey</literal> settings.
+   </para>
+   <para>
     Only superusers may connect to foreign servers without password
     authentication, so always specify the <literal>password</literal> option
     for user mappings belonging to non-superusers.