Is postgres_fdw "safe"?
Hello,
I noticed that the docs for postgres_fdw lack the clause about it being
"trusted". Does that mean that `create extension postgres_fdw` poses
any known security risks? If so, what should I do to minimize them?
TIA,
--
Marcin Borkowski
http://mbork.pl
On 10/20/23 01:29, Marcin Borkowski wrote:
> Hello,
> I noticed that the docs for postgres_fdw lack the clause about it being
> "trusted". Does that mean that `create extension postgres_fdw` poses
> any known security risks? If so, what should I do to minimize them?

It allows connections to a database, so the same risks as any other
client that does the same thing.

> TIA,
--
Adrian Klaver
adrian.klaver@aklaver.com
On 10/20/23 03:29, Marcin Borkowski wrote:
> Hello,
> I noticed that the docs for postgres_fdw lack the clause about it being
> "trusted". Does that mean that `create extension postgres_fdw` poses
> any known security risks? If so, what should I do to minimize them?

I think a better question to ask is if extensions are implicitly trusted
unless explicitly marked untrusted.
--
Born in Arizona, moved to Babylonia.
Marcin Borkowski <mbork@mbork.pl> writes:
> I noticed that the docs for postgres_fdw lack the clause about it being
> "trusted". Does that mean that `create extension postgres_fdw` poses
> any known security risks? If so, what should I do to minimize them?

It's a definitional question I guess. We don't mark anything trusted
if it can be used to cause outside-the-database effects; and in this
case the ability to connect to other databases qualifies as that.
regards, tom lane
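
Added example, not part of any message in this thread: one way to check how postgres_fdw is flagged and to limit which roles can open outbound connections through it. The role names (fdw_admin, report_reader), the server name, the host, the remote table and the credentials are hypothetical placeholders, and both roles are assumed to exist already.

```sql
-- Added illustration; every role, server, host and table name is a placeholder.

-- 1. Check how the extension is flagged. trusted = false together with
--    superuser = true means only a superuser can run CREATE EXTENSION for it;
--    CREATE privilege on the database is not enough.
SELECT name, version, superuser, trusted
FROM pg_available_extension_versions
WHERE name = 'postgres_fdw';

-- 2. As a superuser: install it, then delegate narrowly. USAGE on the wrapper
--    is what lets a role define new remote servers, so grant it to one
--    administrative role rather than broadly.
CREATE EXTENSION IF NOT EXISTS postgres_fdw;
GRANT USAGE ON FOREIGN DATA WRAPPER postgres_fdw TO fdw_admin;

-- 3. As fdw_admin: define the one remote that is actually needed.
CREATE SERVER reporting_remote
    FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'remote.example.internal', port '5432', dbname 'reporting');

-- The server owner creates the mapping, so report_reader needs no USAGE on
-- the server and cannot repoint it or add mappings of its own.
-- The password is stored in the catalog as a mapping option; use a
-- low-privilege, read-only account on the remote side.
CREATE USER MAPPING FOR report_reader
    SERVER reporting_remote
    OPTIONS (user 'remote_readonly', password 'CHANGE_ME');

-- Expose only specific remote tables, read-only.
CREATE FOREIGN TABLE daily_totals (day date, total numeric)
    SERVER reporting_remote
    OPTIONS (schema_name 'public', table_name 'daily_totals');
GRANT SELECT ON daily_totals TO report_reader;

-- 4. Periodic audit: who owns or may use the wrapper, which remotes exist,
--    and which local roles are mapped to them.
SELECT fdwname, fdwowner::regrole AS owner, fdwacl
FROM pg_foreign_data_wrapper;

SELECT srvname, srvowner::regrole AS owner, srvoptions, srvacl
FROM pg_foreign_server;

SELECT srvname, usename
FROM pg_user_mappings;
```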