pgsql: postgres_fdw: improve security checks

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Peter Eisentraut <[email protected]>
To: [email protected]
Subject: pgsql: postgres_fdw: improve security checks
Date: Mon, 24 Mar 2025 15:01:37 +0000
Message-ID: <[email protected]> (raw)

postgres_fdw: improve security checks

SCRAM pass-through should not bypass the FDW security check as it was
implemented for postgres_fdw in commit 761c79508e7.

This commit improves the security check by adding new SCRAM
pass-through checks to ensure that the required SCRAM connection
options are not overwritten by the user mapping or foreign server
options.  This is meant to match the security requirements for a
password-using connection.

Since libpq has no SCRAM-specific equivalent of
PQconnectionUsedPassword(), we enforce this instead by making the
use_scram_passthrough option of postgres_fdw imply
require_auth=scram-sha-256.  This means that if use_scram_passthrough
is set, some situations that might otherwise have worked are
preempted, for example GSSAPI with delegated credentials.  This could
be enhanced in the future if there is desire for more flexibility.

Reported-by: Jacob Champion <[email protected]>
Author: Matheus Alcantara <[email protected]>
Co-authored-by: Jacob Champion <[email protected]>
Reviewed-by: Jacob Champion <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/CAFY6G8ercA1KES%3DE_0__R9QCTR805TTyYr1No8qF8ZxmMg8z2Q%40m...

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/76563f88cfbd91696e7ebe568dead648f2d229ff

Modified Files
--------------
contrib/postgres_fdw/connection.c        | 102 ++++++++++++++++++++++++++-----
contrib/postgres_fdw/t/001_auth_scram.pl |  41 +++++++++++++
doc/src/sgml/postgres-fdw.sgml           |  11 +---
3 files changed, 132 insertions(+), 22 deletions(-)

view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: pgsql: postgres_fdw: improve security checks
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox