On Tuesday 06 January 2009 19:50:51 Tom Lane wrote: > Peter Eisentraut <pete...@gmx.net> writes: > > I think you want some permission checking on fdtest then, right? > > What about the permissions on the system catalogs themselves? > AFAICT, the pg_user_mappings view will expose user passwords to > the "owner" of the foreign server, which doesn't seem good.
Well, no one is forcing you to put a password there. dblink has had its mechanisms for obtaining passwords until now, and those are not invalidated by this. There are as always limited use cases for hardcoding passwords, but in a fully multiuser environment you probably want to use a different authentication mechanism. Eventually, when we allow these modules to actually call out, we will have to seriously evaluate that. But for right now, if you don't want your password in there, don't put it there. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
