| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | abcxiaod(at)126(dot)com |
| Subject: | BUG #16682: The pg_user_mapping table saves the plaintext password |
| Date: | 2020-10-22 07:14:06 |
| Message-ID: | 16682-89078b97ed03d74b@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 16682
Logged by: yi Ding
Email address: abcxiaod(at)126(dot)com
PostgreSQL version: 12.0
Operating system: linux
Description:
The pg_user_mapping table saves the user name and password information of
the external database, which is used to remotely connect to the external
database from the local database and access the tables on the external
database.
When running the connection program, the user name and password for
accessing the external database will be obtained from the pg_user_mapping
table, and the external database will be accessed as a client. If the user
name and password are verified, the connection is completed, and if the
verification fails, the connection cannot be made.
Whether the plaintext password in this system table system view has security
risks, is it considered a security vulnerability?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2020-10-22 08:16:46 | Re: BUG #16682: The pg_user_mapping table saves the plaintext password |
| Previous Message | David Geier | 2020-10-22 06:30:52 | Re: BUG #16673: Stack depth limit exceeded error while running sysbench TPC-C |