Home > mailing lists

[BUGS] Re: BUG #14600: Passwords in user mappings leaked by psql \deu+command - Mailing list pgsql-bugs

From	Noah Misch
Subject	[BUGS] Re: BUG #14600: Passwords in user mappings leaked by psql \deu+command
Date	April 9, 2017 01:34:07
Msg-id	20170408193407.GA2814157@tornado.leadboat.com Whole thread Raw
List	pgsql-bugs

Tree view

On Wed, Mar 29, 2017 at 04:54:03PM +0200, Feike Steenbergen wrote:
> > If a standard user logs into Alice using command line client, psql, and
> runs
> > the command \deu+, the password for both the standard_user and the
> > power_user will be visible in the displayed user mapping.
> 
> \deu+ queries pg_catalog.pg_user_mappings, which itself is a view on top of
> pg_user_mapping.

Thanks for the report; the next back-branch releases will contain a fix.


-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

pgsql-bugs by date:

From: Tom Lane
Date: 07 April 2017, 22:19:19
Subject: Re: [BUGS] BUG #14614: Combination of UNION, EXCEPT and ORDER BY produces an error

From: mustafa husny
Date: 10 April 2017, 04:05:38
Subject: [BUGS] manage connections

[BUGS] Re: BUG #14600: Passwords in user mappings leaked by psql \deu+command - Mailing list pgsql-bugs

Previous

Next