author Jeff Davis <jdavis@postgresql.org> 2024-01-12 13:42:09 -0800
committer Jeff Davis <jdavis@postgresql.org> 2024-01-12 13:42:09 -0800
commit 4c03ac7e2bc46988fe4ecf3b1aef393488786f12 (patch)
tree e1ff9956c956f5c94c1de28a1ab65b7ef019620b /doc/src
parent 9c00e4c7751f50e81636b0e837809b309bfe7ef6 (diff)
Re-validate connection string in libpqrcv_connect().
A superuser may create a subscription with password_required=true, but which uses a connection string without a password.

Previously, if the owner of such a subscription was changed to a non-superuser, the non-superuser was able to utilize a password from another source (like a password file or the PGPASSWORD environment variable), which should not have been allowed.

This commit adds a step to re-validate the connection string before connecting.

Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16
Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/ref/create_subscription.sgml 11
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml
index 71652fd9188..31a91c47c3e 100644
--- a/doc/src/sgml/ref/create_subscription.sgml
+++ b/doc/src/sgml/ref/create_subscription.sgml
@@ -357,11 +357,12 @@ CREATE SUBSCRIPTION <replaceable class="parameter">subscription_name</replaceabl
<term><literal>password_required</literal> (<type>boolean</type>)</term>
<listitem>
<para>
- Specifies whether connections to the publisher made as a result
- of this subscription must use password authentication. This setting
- is ignored when the subscription is owned by a superuser.
- The default is <literal>true</literal>. Only superusers can set
- this value to <literal>false</literal>.
+ If set to <literal>true</literal>, connections to the publisher made
+ as a result of this subscription must use password authentication
+ and the password must be specified as a part of the connection
+ string. This setting is ignored when the subscription is owned by a
+ superuser. The default is <literal>true</literal>. Only superusers
+ can set this value to <literal>false</literal>.
</para>
</listitem>
</varlistentry>
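Review bot: The added sentence in the password_required paragraph says the password must be specified as part of the connection string, but it does not say which other password sources are excluded or when the requirement is checked. The commit message names a password file and the PGPASSWORD environment variable as the sources that must not be usable, and says the connection string is re-validated before connecting; consider stating both in this paragraph, so an administrator knows that a password supplied only through those sources does not satisfy the setting. The next sentence, "This setting is ignored when the subscription is owned by a superuser", would also benefit from a note on the ownership-change case the commit message describes: a subscription created by a superuser with no password in its connection string, then reassigned to a non-superuser, is the configuration this re-validation is meant to reject, and the documentation should tell the reader to add the password to the connection string before changing the owner.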