Discussion: BUG #16682: The pg_user_mapping table saves the plaintext password
The following bug has been logged on the website:

Bug reference: 16682
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 12.0
Operating system: linux
Description:

The pg_user_mapping table saves the user name and password information of the external database, which is used to remotely connect to the external database from the local database and access the tables on the external database. When running the connection program, the user name and password for accessing the external database will be obtained from the pg_user_mapping table, and the external database will be accessed as a client. If the user name and password are verified, the connection is completed, and if the verification fails, the connection cannot be made. Whether the plaintext password in this system table system view has security risks, is it considered a security vulnerability?
> On 22 Oct 2020, at 09:14, PG Bug reporting form <noreply@postgresql.org> wrote:

> Whether the plaintext password in this system table system view has security
> risks, is it considered a security vulnerability?

This is as intended, and documented on the pg_user_mapping catalog
description and the pg_user_mappings view:

https://www.postgresql.org/docs/12/catalog-pg-user-mapping.html
https://www.postgresql.org/docs/12/view-pg-user-mappings.html

The umoptions field is not visible to restricted users.

cheers ./daniel
On Thu, Oct 22, 2020 at 10:16:46AM +0200, Daniel Gustafsson wrote:
> > On 22 Oct 2020, at 09:14, PG Bug reporting form <noreply@postgresql.org> wrote:
>
> > Whether the plaintext password in this system table system view has security
> > risks, is it considered a security vulnerability?
>
> This is as intended, and documented on the pg_user_mapping catalog
> description and the pg_user_mappings view:
>
> https://www.postgresql.org/docs/12/catalog-pg-user-mapping.html
> https://www.postgresql.org/docs/12/view-pg-user-mappings.html
>
> The umoptions field is not visible to restricted users.

If you care about such things, there are more options on the table like
pgpass files or certificate-based authentication methods just to name
two of these. Many more options are supported.
--
Michael
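
An audit for the behaviour discussed in this thread, added here as an example and not part of any message above: run as a superuser, the first query lists user mappings whose umoptions hold a password-like entry without printing the value, and the second lists roles that can read the raw pg_user_mapping catalog. Matching option names on "pass" is an assumption about how the foreign-data wrapper names its credential options.

```sql
-- Added example, not from the thread. Run as a superuser.

-- 1. Which user mappings store a credential in umoptions?
--    Only the option name and the value's length are returned,
--    so the audit output itself does not leak the password.
SELECT s.srvname                     AS foreign_server,
       COALESCE(r.rolname, 'PUBLIC') AS mapped_role,   -- umuser = 0 is the PUBLIC mapping
       o.option_name,
       length(o.option_value)        AS value_length
FROM pg_catalog.pg_user_mapping AS um
JOIN pg_catalog.pg_foreign_server AS s
  ON s.oid = um.umserver
LEFT JOIN pg_catalog.pg_roles AS r
  ON r.oid = um.umuser
CROSS JOIN LATERAL pg_catalog.pg_options_to_table(um.umoptions) AS o
WHERE o.option_name ILIKE '%pass%'   -- assumption: credential options contain "pass"
ORDER BY s.srvname, mapped_role;

-- 2. Which roles can read the raw catalog, where umoptions is never masked?
--    Superusers always appear; any other role listed here has been
--    granted SELECT on pg_user_mapping and can see every stored password.
SELECT r.rolname,
       r.rolsuper
FROM pg_catalog.pg_roles AS r
WHERE has_table_privilege(r.rolname, 'pg_catalog.pg_user_mapping', 'SELECT')
ORDER BY r.rolsuper DESC, r.rolname;
```

Mappings returned by the first query are candidates for the alternatives mentioned in the last reply, such as certificate-based authentication.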