Re: [BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command

Ashutosh Bapat <ashutosh.bapat@enterprisedb.com>

From: Ashutosh Bapat <ashutosh.bapat@enterprisedb.com>
To: Feike Steenbergen <feikesteenbergen@gmail.com>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-04-03T09:47:47Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Revise the permission checking on user mapping DDL commands.

Please add this to 07/2017 commitfest. It looks like an existing leak, so,
may not be considered as an open item for v10.

On Fri, Mar 31, 2017 at 11:51 PM, Feike Steenbergen <
feikesteenbergen@gmail.com> wrote:

> Forwarding message from pgsql-bugs for review
>
>
> Attached a patch which copies the logic from commit
> 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974.
>
> In the current implementation we only consider privileges of the foreign
> server
> in determining whether or not to show the user mapping details. This patch
> copies the same logic (and documentation) used in commit
> 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974 to not always show the user
> mapping
> options.
>
> regards,
>
> Feike
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
>


-- 
Best Wishes,
Ashutosh Bapat
EnterpriseDB Corporation
The Postgres Database Company