Only superuser can set sslcert/sslkey in postgres_fdw user mappings

Othrwise there is a security risk. Discussion: https://postgr.es/m/20200109103014.GA4192@msg.df7cb.de
2025-06-17 17:02:08 +03:00 · 2020-01-13 18:08:09 +10:30
parent 4e514c6180
commit cebf9d6e6e
4 changed files with 31 additions and 1 deletions
--- a/doc/src/sgml/postgres-fdw.sgml
+++ b/doc/src/sgml/postgres-fdw.sgml
@ -130,7 +130,7 @@
     </listitem>
     <listitem>
      <para>
-       <literal>sslkey</literal> and <literal>sslpassword</literal> - these may
+       <literal>sslkey</literal> and <literal>sslcert</literal> - these may
       appear in <emphasis>either or both</emphasis> a connection and a user
       mapping. If both are present, the user mapping setting overrides the
       connection setting.
@ -139,6 +139,10 @@
    </itemizedlist>
   </para>

+   <para>
+    Only superusers may create or modify user mappings with the
+    <literal>sslcert</literal> or <literal>sslkey</literal> settings.
+   </para>
   <para>
    Only superusers may connect to foreign servers without password
    authentication, so always specify the <literal>password</literal> option