Re: [BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command
Ashutosh Bapat <ashutosh.bapat@enterprisedb.com>
From: Ashutosh Bapat <ashutosh.bapat@enterprisedb.com>
To: Feike Steenbergen <feikesteenbergen@gmail.com>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-04-03T09:47:47Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revise the permission checking on user mapping DDL commands.
- 93a6be63a55a 8.4.0 cited
Please add this to 07/2017 commitfest. It looks like an existing leak, so, may not be considered as an open item for v10. On Fri, Mar 31, 2017 at 11:51 PM, Feike Steenbergen < feikesteenbergen@gmail.com> wrote: > Forwarding message from pgsql-bugs for review > > > Attached a patch which copies the logic from commit > 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974. > > In the current implementation we only consider privileges of the foreign > server > in determining whether or not to show the user mapping details. This patch > copies the same logic (and documentation) used in commit > 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974 to not always show the user > mapping > options. > > regards, > > Feike > > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > > -- Best Wishes, Ashutosh Bapat EnterpriseDB Corporation The Postgres Database Company