| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | abcxiaod(at)126(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16682: The pg_user_mapping table saves the plaintext password |
| Date: | 2020-10-23 03:22:42 |
| Message-ID: | 20201023032242.GC5180@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Thu, Oct 22, 2020 at 10:16:46AM +0200, Daniel Gustafsson wrote:
> > On 22 Oct 2020, at 09:14, PG Bug reporting form <noreply(at)postgresql(dot)org> wrote:
>
> > Whether the plaintext password in this system table system view has security
> > risks, is it considered a security vulnerability?
>
> This is as intended, and documented on the pg_user_mapping catalog
> description and the pg_user_mappings view:
>
> https://www.postgresql.org/docs/12/catalog-pg-user-mapping.html
> https://www.postgresql.org/docs/12/view-pg-user-mappings.html
>
> The umoptions field is not visible to restricted users.
If you care about such things, there are more options on the table
like pgpass files or certificate-based authentication methods just to
name two of these. Much more options are supported.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2020-10-23 10:26:52 | BUG #16683: explain plan format xml produces invalid xml |
| Previous Message | Tom Lane | 2020-10-22 14:01:57 | Re: BUG #16329: Valgrind detects an invalid read when building a gist index with buffering |