diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index 0e01470..0f90f1e 100644
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -164,6 +164,7 @@ typedef struct remoteConnHashEnt
 			} \
 			else \
 			{ \
+				dblink_security_check(conn, rconn); \
 				connstr = conname_or_str; \
 				conn = PQconnectdb(connstr); \
 				if (PQstatus(conn) == CONNECTION_BAD) \
@@ -175,7 +176,6 @@ typedef struct remoteConnHashEnt
 							 errmsg("could not establish connection"), \
 							 errdetail("%s", msg))); \
 				} \
-				dblink_security_check(conn, rconn); \
 				freeconn = true; \
 			} \
 	} while (0)
@@ -215,6 +215,8 @@ dblink_connect(PG_FUNCTION_ARGS)
 	PGconn	   *conn = NULL;
 	remoteConn *rconn = NULL;
 
+	dblink_security_check(conn, rconn);
+
 	DBLINK_INIT;
 
 	if (PG_NARGS() == 2)
@@ -246,9 +248,6 @@ dblink_connect(PG_FUNCTION_ARGS)
 				 errdetail("%s", msg)));
 	}
 
-	/* check password used if not superuser */
-	dblink_security_check(conn, rconn);
-
 	if (connname)
 	{
 		rconn->conn = conn;
@@ -2236,6 +2235,11 @@ dblink_security_check(PGconn *conn, remoteConn *rconn)
 {
 	if (!superuser())
 	{
+		ereport(ERROR, 
+			(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+			 errmsg("only superuser can specify connect string / call \"dblink_connect()\""))); 
+#if 0
+
 		if (!PQconnectionUsedPassword(conn))
 		{
 			PQfinish(conn);
@@ -2248,6 +2252,7 @@ dblink_security_check(PGconn *conn, remoteConn *rconn)
 				   errdetail("Non-superuser cannot connect if the server does not request a password."),
 				   errhint("Target server's authentication method must be changed.")));
 		}
+#endif
 	}
 }