Home > mailing lists

BUG #16682: The pg_user_mapping table saves the plaintext password - Mailing list pgsql-bugs

From	PG Bug reporting form
Subject	BUG #16682: The pg_user_mapping table saves the plaintext password
Date	October 22, 2020 10:14:06
Msg-id	16682-89078b97ed03d74b@postgresql.org Whole thread Raw
Responses	Re: BUG #16682: The pg_user_mapping table saves the plaintext password (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      16682
Logged by:          yi Ding
Email address:      abcxiaod@126.com
PostgreSQL version: 12.0
Operating system:   linux
Description:

The pg_user_mapping table saves the user name and password information of
the external database, which is used to remotely connect to the external
database from the local database and access the tables on the external
database.
When running the connection program, the user name and password for
accessing the external database will be obtained from the pg_user_mapping
table, and the external database will be accessed as a client. If the user
name and password are verified, the connection is completed, and if the
verification fails, the connection cannot be made.
Whether the plaintext password in this system table system view has security
risks, is it considered a security vulnerability？

pgsql-bugs by date:

From: David Geier
Date: 22 October 2020, 09:30:52
Subject: Re: BUG #16673: Stack depth limit exceeded error while running sysbench TPC-C

From: Daniel Gustafsson
Date: 22 October 2020, 11:16:46
Subject: Re: BUG #16682: The pg_user_mapping table saves the plaintext password

BUG #16682: The pg_user_mapping table saves the plaintext password - Mailing list pgsql-bugs

Previous

Next