| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Frank Eckes <frank(dot)eckes(at)online(dot)de>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: security issues |
| Date: | 2021-12-10 16:41:27 |
| Message-ID: | 70797.1639154487@sss.pgh.pa.us |
| Lists: | pgsql-admin |
Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> On Fri, 2021-12-10 at 15:33 +0100, Frank Eckes wrote:
>> And even worse, if I define a foreign server (e.g. ORACLE) everybody can
>> see the credentials in a user mapping
> Then you use Oracle external authentication, for example with a
> secure key store on the PostgreSQL server. Then you don't need a
> password.

That's one way, but AFAIK the above claim is nonsense. You can
only see the connection options for user mappings that belong
to you (unless you're a superuser).

regards, tom lane
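
The visibility rule stated in the reply above can be checked against the `pg_user_mappings` system view, whose `umoptions` column is shown as null to roles that are not entitled to see it. The script below is an added example, not part of the original message; the roles, wrapper, server name and passwords are constructed, and it assumes a superuser session in a scratch database.

```sql
-- Added example. Everything is created inside one transaction and rolled back.
BEGIN;

CREATE ROLE alice;
CREATE ROLE bob;

-- A wrapper with no handler or validator accepts arbitrary options,
-- so no real Oracle FDW needs to be installed for this check.
CREATE FOREIGN DATA WRAPPER demo_fdw;
CREATE SERVER demo_oracle FOREIGN DATA WRAPPER demo_fdw;
GRANT USAGE ON FOREIGN SERVER demo_oracle TO alice, bob;

CREATE USER MAPPING FOR alice SERVER demo_oracle
    OPTIONS (user 'ora_alice', password 'constructed-secret-a');
CREATE USER MAPPING FOR bob SERVER demo_oracle
    OPTIONS (user 'ora_bob', password 'constructed-secret-b');

-- Superuser view: options of every mapping on the server.
SELECT usename, umoptions
FROM pg_user_mappings
WHERE srvname = 'demo_oracle'
ORDER BY usename;

-- Same query as an ordinary role: compare which rows have options hidden.
SET LOCAL ROLE alice;
SELECT usename, umoptions IS NULL AS options_hidden
FROM pg_user_mappings
WHERE srvname = 'demo_oracle'
ORDER BY usename;
RESET ROLE;

-- The underlying catalog holds the raw options; check whether an
-- ordinary role has SELECT on it at all.
SELECT has_table_privilege('alice', 'pg_catalog.pg_user_mapping', 'SELECT')
       AS alice_can_read_catalog;

-- Audit (as superuser): mappings that store a password option, i.e. the
-- candidates for moving to external authentication as suggested above.
SELECT srvname, usename
FROM pg_user_mappings
WHERE EXISTS (SELECT 1 FROM unnest(umoptions) AS o WHERE o LIKE 'password=%')
ORDER BY srvname, usename;

ROLLBACK;
```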