From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
Cc: | Frank Eckes <frank(dot)eckes(at)online(dot)de>, pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: security issues |
Date: | 2021-12-10 16:41:27 |
Message-ID: | 70797.1639154487@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> On Fri, 2021-12-10 at 15:33 +0100, Frank Eckes wrote:
>> And even worse, if i define a foreign server (e.g ORACLE) everybody can
>> see the credentials in a user mapping
> Then you use Oracle external authentication, for example with a
> secure key store on the PostgreSQL server. Then you don't need a
> password.
That's one way, but AFAIK the above claim is nonsense. You can
only see the connection options for user mappings that belong
to you (unless you're a superuser).
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Haroldo Stenger | 2021-12-10 16:52:53 | Re: security issues |
Previous Message | David G. Johnston | 2021-12-10 16:21:47 | Re: security issues |