From 4c03ac7e2bc46988fe4ecf3b1aef393488786f12 Mon Sep 17 00:00:00 2001
From: Jeff Davis
Date: Fri, 12 Jan 2024 13:42:09 -0800
Subject: Re-validate connection string in libpqrcv_connect().
A superuser may create a subscription with password_required=true, but which uses a connection string without a password. Previously, if the owner of such a subscription was changed to a non-superuser, the non-superuser was able to utilize a password from another source (like a password file or the PGPASSWORD environment variable), which should not have been allowed. This commit adds a step to re-validate the connection string before connecting.
Reported-by: Jeff Davis
Author: Vignesh C
Reviewed-by: Peter Smith, Robert Haas, Amit Kapila
Discussion: https://www.postgresql.org/message-id/flat/e5892973ae2a80a1a3e0266806640dae3c428100.camel%40j-davis.com
Backpatch-through: 16
---
doc/src/sgml/ref/create_subscription.sgml | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'doc/src')
diff --git a/doc/src/sgml/ref/create_subscription.sgml b/doc/src/sgml/ref/create_subscription.sgml
index 71652fd9188..31a91c47c3e 100644
--- a/doc/src/sgml/ref/create_subscription.sgml
+++ b/doc/src/sgml/ref/create_subscription.sgml
@@ -357,11 +357,12 @@ CREATE SUBSCRIPTION subscription_namepassword_required (boolean)
- Specifies whether connections to the publisher made as a result
- of this subscription must use password authentication. This setting
- is ignored when the subscription is owned by a superuser.
- The default is true. Only superusers can set
- this value to false.
+ If set to true, connections to the publisher made
+ as a result of this subscription must use password authentication
+ and the password must be specified as a part of the connection
+ string. This setting is ignored when the subscription is owned by a
+ superuser. The default is true. Only superusers
+ can set this value to false.
-- cgit v1.2.3