[BUGS] BUG #14600: Passwords in user mappings leaked by psql \deu+ command
Feike Steenbergen <feikesteenbergen@gmail.com>
From: Feike Steenbergen <feikesteenbergen@gmail.com>
To: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-03-31T18:21:23Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revise the permission checking on user mapping DDL commands.
- 93a6be63a55a 8.4.0 cited
Attachments
- user_mappings_leak.patch (application/octet-stream) patch
Forwarding message from pgsql-bugs for review Attached a patch which copies the logic from commit 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974. In the current implementation we only consider privileges of the foreign server in determining whether or not to show the user mapping details. This patch copies the same logic (and documentation) used in commit 93a6be63a55a8cd0d73b3fa81eb6a46013a3a974 to not always show the user mapping options. regards, Feike