Quick Links

[BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command

From:	Feike Steenbergen <feikesteenbergen(at)gmail(dot)com>
To:	PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject:	[BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command
Date:	2017-03-31 18:21:23
Message-ID:	CAK_s-G2gaYLCu3j10-EGxngUXzFOp9O+TyBv1-Xj4fyYKJ9fPA@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Forwarding message from pgsql-bugs for review

Attached a patch which copies the logic from commit
93a6be63a55a8cd0d73b3fa81eb6a46013a3a974.

In the current implementation we only consider privileges of the foreign
server
in determining whether or not to show the user mapping details. This patch
copies the same logic (and documentation) used in commit
93a6be63a55a8cd0d73b3fa81eb6a46013a3a974 to not always show the user mapping
options.

regards,

Feike

Attachment	Content-Type	Size
user_mappings_leak.patch	application/octet-stream	1.7 KB

Responses

Re: [BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command at 2017-04-03 09:47:47 from Ashutosh Bapat
Re: [BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command at 2017-04-03 17:54:24 from Jeff Janes

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2017-03-31 18:23:31	Re: Somebody has not thought through subscription locking considerations
Previous Message	Magnus Hagander	2017-03-31 18:19:53	Re: bumping HASH_VERSION to 3