Hermann Muster wrote:
Hi Adrian,
I tried what you suggested, but still get the following Error:
"Error connecting to the server: fe_sendauth: no password supplied"
What is it I'm doing wrong? Isn't it possible to leave the password
empty so that PostgreSQL can retrieve it from the current account?
Your login password isn't kept anywhere in the session, so it's not
possible for dblink to retrieve it. Furthermore, allowing passwordless
authentication via dblink is considered a security risk, as it's
potentially possible to escalate your access privileges to superuser.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278 and
http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded
for more info on this issue.
--
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39
