Re: BUG #16682: The pg_user_mapping table saves the plaintext password

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: abcxiaod(at)126(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #16682: The pg_user_mapping table saves the plaintext password
Date: 2020-10-22 08:16:46
Message-ID: 78BCA442-5AFB-40E4-B280-69D8EAF234EE@yesql.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

> On 22 Oct 2020, at 09:14, PG Bug reporting form <noreply(at)postgresql(dot)org> wrote:

> Whether the plaintext password in this system table system view has security
> risks, is it considered a security vulnerability?

This is as intended, and documented on the pg_user_mapping catalog
description and the pg_user_mappings view:

https://www.postgresql.org/docs/12/catalog-pg-user-mapping.html
https://www.postgresql.org/docs/12/view-pg-user-mappings.html

The umoptions field is not visible to restricted users.

cheers ./daniel

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2020-10-22 14:01:57 Re: BUG #16329: Valgrind detects an invalid read when building a gist index with buffering
Previous Message PG Bug reporting form 2020-10-22 07:14:06 BUG #16682: The pg_user_mapping table saves the plaintext password