Hello All
I am not sure if I am posting this to the correct PG list, please let me know if there are other lists better suited to answer this question.
Postgresql dblinks and dblink_fdw allow for the use of Server and user mapping to be able to store the user/password of a connection and save it in an encrypted manner.
Logical replication subscription syntax regarding connection info allows for the user/password to be supplied within the subscription ddl.
And the Subscription connection info is visible via the pg_subscription.subconninfo column, which can contain plain-text passwords, is intentionally restricted. Only the pg_read_all_settings role, superusers, and the owner of the subscription can SELECT from this column.
In a dblink the connection info can be provided via the same connection parameters as allowed by the logical subscription syntax, however it is allowed to use a Created ServerName with a user mapping in the connections.
I am not familiar on what it would take to allow logical subscriptions to use User Server/Mapping logic as the dblink extension allows but if it where possible then this would assure that only the role creating the User server/mapping can set the connection user/password and then it can be totally hidden from prying eyes.
I was wondering if this is within any plan to implement in future releases.
Thanks
Anthony Vitale
