dblink_connect_u(text connstr) returns text dblink_connect_u(text connname, text connstr) returns text
    dblink_connect_u() is identical to
    dblink_connect(), except that it will allow non-superusers
    to connect using any authentication method.
   
    If the remote server selects an authentication method that does not
    involve a password, then impersonation and subsequent escalation of
    privileges can occur, because the session will appear to have
    originated from the user as which the local PostgreSQL
    server runs.  Also, even if the remote server does demand a password,
    it is possible for the password to be supplied from the server
    environment, such as a ~/.pgpass file belonging to the
    server's user.  This opens not only a risk of impersonation, but the
    possibility of exposing a password to an untrustworthy remote server.
    Therefore, dblink_connect_u() is initially
    installed with all privileges revoked from PUBLIC,
    making it un-callable except by superusers.  In some situations
    it may be appropriate to grant EXECUTE permission for
    dblink_connect_u() to specific users who are considered
    trustworthy, but this should be done with care.  It is also recommended
    that any ~/.pgpass file belonging to the server's user
    not contain any records specifying a wildcard host name.
   
    For further details see dblink_connect().