On Tue, Apr 15, 2025 at 11:11 PM Jelte Fennema-Nio <postg...@jeltef.nl> wrote: > On Wed, 16 Apr 2025 at 02:03, Jacob Champion > <jacob.champ...@enterprisedb.com> wrote: > > Thank you for saying something; I'd hallucinated that srvoptions was > > limited to the server owner, and that's not true. It's pg_user_mapping > > that has the protection. > > FWIW, I have some ideas on being able to store secrets in a server in > a safe way. I'll probably start a thread on that somewhere in the next > few months.
Sounds great! Attached is my proposed fix. 0001 disables use of the new oauth_* options in our FDWs. 0002 changes dispchar. Thanks, --Jacob
0001-oauth-Disallow-OAuth-connections-via-postgres_fdw-db.patch
Description: Binary data
0002-oauth-Classify-oauth_client_secret-as-a-password.patch
Description: Binary data
