| author | Jeff Davis <jdavis@postgresql.org> | 2024-01-12 13:41:36 -0800 |
|---|---|---|
| committer | Jeff Davis <jdavis@postgresql.org> | 2024-01-12 13:41:36 -0800 |
| commit | 5c31669058b5550b4b3d623c07bc4203c11b8316 (patch) | |
| tree | a4b14e4019276cd67e5c5d93a3bad14f2d6710e1 /doc/src | |
| parent | a1604237a6ffee70b171bacd5f36b0e380afd33a (diff) | |
Re-validate connection string in libpqrcv_connect().
A superuser may create a subscription with password_required=true, but
which uses a connection string without a password.
Previously, if the owner of such a subscription was changed to a
non-superuser, the non-superuser was able to utilize a password from
another source (like a password file or the PGPASSWORD environment
variable), which should not have been allowed.
This commit adds a step to re-validate the connection string before
connecting.
Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16
Diffstat (limited to 'doc/src')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | doc/src/sgml/ref/create_subscription.sgml | 11 |

1 files changed, 6 insertions, 5 deletions
diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml index f1c20b3a465..c7ace922f92 100644 --- a/doc/src/sgml/ref/create_subscription.sgml +++ b/doc/src/sgml/ref/create_subscription.sgml @@ -357,11 +357,12 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl <term><literal>password_required</literal> (<type>boolean</type>)</term> <listitem> <para> - Specifies whether connections to the publisher made as a result - of this subscription must use password authentication. This setting - is ignored when the subscription is owned by a superuser. - The default is <literal>true</literal>. Only superusers can set - this value to <literal>false</literal>. + If set to <literal>true</literal>, connections to the publisher made + as a result of this subscription must use password authentication + and the password must be specified as a part of the connection + string. This setting is ignored when the subscription is owned by a + superuser. The default is <literal>true</literal>. Only superusers + can set this value to <literal>false</literal>. </para> </listitem> </varlistentry> |
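Review bot: the rewritten paragraph says the password must be part of the connection string but not when that requirement is enforced, and the commit message says the string is re-validated before every connection, so a subscription created by a superuser with a password-less connection string will start failing to connect once its owner is changed to a non-superuser rather than silently falling back to a password file or PGPASSWORD. Since the documentation is the only place a reader learns about this behaviour change (the diff here is limited to doc/src, so the libpqrcv_connect() change itself is not visible), suggest adding a sentence after "can set this value to <literal>false</literal>." along the lines of: "The connection string is validated each time a connection is made, so a subscription whose connection string contains no password may stop connecting after its owner is changed to a non-superuser." It would also help to state explicitly that a password supplied through another source (such as a password file or an environment variable) does not satisfy the requirement, since that is precisely the case the commit closes.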