Re: BUG #16682: The pg_user_mapping table saves the plaintext password

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: BUG #16682: The pg_user_mapping table saves the plaintext password
Дата
Msg-id 20201023032242.GC5180@paquier.xyz
обсуждение исходный текст
Ответ на Re: BUG #16682: The pg_user_mapping table saves the plaintext password  (Daniel Gustafsson <daniel@yesql.se>)
Список pgsql-bugs
Дерево обсуждения 
On Thu, Oct 22, 2020 at 10:16:46AM +0200, Daniel Gustafsson wrote:
> > On 22 Oct 2020, at 09:14, PG Bug reporting form <noreply@postgresql.org> wrote:
>
> > Whether the plaintext password in this system table system view has security
> > risks, is it considered a security vulnerability?
>
> This is as intended, and documented on the pg_user_mapping catalog
> description and the pg_user_mappings view:
>
>   https://www.postgresql.org/docs/12/catalog-pg-user-mapping.html
>   https://www.postgresql.org/docs/12/view-pg-user-mappings.html
>
> The umoptions field is not visible to restricted users.

If you care about such things, there are more options on the table
like pgpass files or certificate-based authentication methods just to
name two of these.  Much more options are supported.
--
Michael
Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #16329: Valgrind detects an invalid read when building a gist index with buffering
Следующее
От: PG Bug reporting form
Дата:
Сообщение: BUG #16683: explain plan format xml produces invalid xml