psql patch: new host/port

Started by David Fetterover 20 years ago9 messageshackers

Jump to latest

David Fetter

david@fetter.org

over 20 years ago

Folks,

Please find enclosed a patch that lets you use \c to connect
(optionally) to a new host and port without exiting psql.

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 415 235 3778

Remember to vote!

Michael Glaesemann

grzm@seespotcode.net

over 20 years ago

In reply to: David Fetter (#1)

Re: psql patch: new host/port

On Dec 9, 2005, at 18:10 , David Fetter wrote:

Please find enclosed a patch that lets you use \c to connect
(optionally) to a new host and port without exiting psql.

I'm not familiar enough with the psql code to be able to tell, but is
this secure? The pg_hba.conf on the new server is enforced, I assume?

Michael Glaesemann
grzm myrealbox com

Peter Eisentraut

peter_e@gmx.net

over 20 years ago

In reply to: Michael Glaesemann (#2)

Re: psql patch: new host/port

Michael Glaesemann wrote:

I'm not familiar enough with the psql code to be able to tell, but is
this secure? The pg_hba.conf on the new server is enforced, I assume?

You don't need to be familiar with the psql code to know that it would
be pretty stupid if client programs could override the server
authentication setup.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

Michael Glaesemann

grzm@seespotcode.net

over 20 years ago

In reply to: Peter Eisentraut (#3)

Re: psql patch: new host/port

On Dec 12, 2005, at 20:33 , Peter Eisentraut wrote:

Michael Glaesemann wrote:

I'm not familiar enough with the psql code to be able to tell, but is
this secure? The pg_hba.conf on the new server is enforced, I assume?

You don't need to be familiar with the psql code to know that it would
be pretty stupid if client programs could override the server
authentication setup.

I'm sorry if I wasn't clear. My point was I'm not familiar enough
with the code to see if this implementation is secure. I do indeed
realize that clients bypassing server authentication is a Bad Thing.

Michael Glaesemann
grzm myrealbox com

Michael Glaesemann

grzm@seespotcode.net

over 20 years ago

In reply to: Michael Glaesemann (#4)

Re: psql patch: new host/port

On Dec 12, 2005, at 21:32 , Andrew Dunstan wrote:

The patch is to the client only, not even to libpq, so of course no
auth
bypass is involved.

Cool. Thanks for the explanation, Andrew.

Michael Glaesemann
grzm myrealbox com

Import Notes

Reply to msg id not found: 3120.24.211.165.134.1134390776.squirrel@www.dunslane.net

Andrew Dunstan

andrew@dunslane.net

over 20 years ago

In reply to: Michael Glaesemann (#4)

Re: psql patch: new host/port

Michael Glaesemann said:

On Dec 12, 2005, at 20:33 , Peter Eisentraut wrote:

Michael Glaesemann wrote:

I'm not familiar enough with the psql code to be able to tell, but is
this secure? The pg_hba.conf on the new server is enforced, I assume?

You don't need to be familiar with the psql code to know that it would
be pretty stupid if client programs could override the server
authentication setup.

I'm sorry if I wasn't clear. My point was I'm not familiar enough
with the code to see if this implementation is secure. I do indeed
realize that clients bypassing server authentication is a Bad Thing.

The patch is to the client only, not even to libpq, so of course no auth
bypass is involved.

cheers

andrew

David Fetter

david@fetter.org

over 20 years ago

In reply to: Michael Glaesemann (#5)

Re: psql patch: new host/port

On Mon, Dec 12, 2005 at 09:20:57PM +0900, Michael Glaesmann wrote:

On Dec 12, 2005, at 21:32 , Andrew Dunstan wrote:

The patch is to the client only, not even to libpq, so of course no
auth bypass is involved.

Cool. Thanks for the explanation, Andrew.

Is the patch suitable for a re-send to -patches?

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 415 235 3778

Remember to vote!

Tom Lane

tgl@sss.pgh.pa.us

over 20 years ago

In reply to: Michael Glaesemann (#2)

Re: psql patch: new host/port

Michael Glaesemann <grzm@myrealbox.com> writes:

On Dec 9, 2005, at 18:10 , David Fetter wrote:

Please find enclosed a patch that lets you use \c to connect
(optionally) to a new host and port without exiting psql.

I'm not familiar enough with the psql code to be able to tell, but is
this secure? The pg_hba.conf on the new server is enforced, I assume?

No, security is the server's problem.

What's not clear to me about this patch is what's the point. It's
certainly not a feature we've heard any requests for.

regards, tom lane

David Fetter

david@fetter.org

over 20 years ago

In reply to: Tom Lane (#8)

Re: psql patch: new host/port

On Mon, Dec 12, 2005 at 10:19:00AM -0500, Tom Lane wrote:

Michael Glaesemann <grzm@myrealbox.com> writes:

On Dec 9, 2005, at 18:10 , David Fetter wrote:

Please find enclosed a patch that lets you use \c to connect
(optionally) to a new host and port without exiting psql.

I'm not familiar enough with the psql code to be able to tell, but
is this secure? The pg_hba.conf on the new server is enforced, I
assume?

No, security is the server's problem.

What's not clear to me about this patch is what's the point. It's
certainly not a feature we've heard any requests for.

Informally, I've heard some carping about how you can change DBs on
one server, but you have to exit the program if you want to change
servers. The change is low-impact because \c continues to work
exactly as before when supplied with < 3 arguments :)

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 415 235 3778

Remember to vote!

psql patch: new host/port

Attachments: