Re: dblink vs SQL/MED - security and implementation details

From Peter Eisentraut
Subject Re: dblink vs SQL/MED - security and implementation details
Date
Msg-id 200901062025.14991.peter_e@gmx.net
In response to Re: dblink vs SQL/MED - security and implementation details  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: dblink vs SQL/MED - security and implementation details  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Tuesday 06 January 2009 19:50:51 Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
> > I think you want some permission checking on fdtest then, right?
>
> What about the permissions on the system catalogs themselves?
> AFAICT, the pg_user_mappings view will expose user passwords to
> the "owner" of the foreign server, which doesn't seem good.

Well, no one is forcing you to put a password there.  dblink has had its 
mechanisms for obtaining passwords until now, and those are not invalidated 
by this.  There are as always limited use cases for hardcoding passwords, but 
in a fully multiuser environment you probably want to use a different 
authentication mechanism.  Eventually, when we allow these modules to 
actually call out, we will have to seriously evaluate that.  But for right 
now, if you don't want your password in there, don't put it there.

