Re: User mapping security

2023-11-09 Thread Bruce Momjian
On Tue, Jul 16, 2019 at 02:01:00AM +, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
> 
> Page: https://www.postgresql.org/docs/10/postgres-fdw.html
> Description:
> 
> Regarding the documentation pages
> https://www.postgresql.org/docs/10/postgres-fdw.html?origin_team=T02HEPYKQ
> and https://www.postgresql.org/docs/10/sql-createusermapping.html
> 
> I suppose it should be warned on the pages that foreign credentials will be
> stored as simple text and will be available for viewing in pg_user_mappings.

I know this is four years old, but the attached patch documents it.  I
don't think postgresql-fdw needs it since it relies on user mapping and
discourages passwords in the connection string.

-- 
  Bruce Momjian  https://momjian.us
  EDB  https://enterprisedb.com

  Only you can decide what is important to you.
diff --git a/doc/src/sgml/ref/create_user_mapping.sgml b/doc/src/sgml/ref/create_user_mapping.sgml
index 55debd5401..e93bfe48f6 100644
--- a/doc/src/sgml/ref/create_user_mapping.sgml
+++ b/doc/src/sgml/ref/create_user_mapping.sgml
@@ -92,7 +92,11 @@ CREATE USER MAPPING [ IF NOT EXISTS ] FOR { user_
   This clause specifies the options of the user mapping.  The
   options typically define the actual user name and password of
   the mapping.  Option names must be unique.  The allowed option
-  names and values are specific to the server's foreign-data wrapper.
+  names and values are specific to the server's foreign-data
+  wrapper.  Option values, including passwords, are visible in the
+  pg_user_mapping
+  system view.
  
 
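Review bot: The added sentence "Option values, including passwords, are visible in the pg_user_mapping system view" does not say to whom the values are visible, so it reads as if any role can read stored passwords. The pg_user_mappings view returns umoptions as null unless the current user is the mapped user with rights on the server, the server owner (for a PUBLIC mapping), or a superuser. Suggest qualifying the sentence accordingly, for example "are stored unencrypted and are visible to suitably privileged users in ...".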



Re: User mapping security

2023-11-09 Thread Stephen Frost
Greetings,

* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, Jul 16, 2019 at 02:01:00AM +, PG Doc comments form wrote:
> > The following documentation comment has been logged on the website:
> > 
> > Page: https://www.postgresql.org/docs/10/postgres-fdw.html
> > Description:
> > 
> > Regarding the documentation pages
> > https://www.postgresql.org/docs/10/postgres-fdw.html?origin_team=T02HEPYKQ
> > and https://www.postgresql.org/docs/10/sql-createusermapping.html
> > 
> > I suppose it should be warned on the pages that foreign credentials will be
> > stored as simple text and will be available for viewing in pg_user_mappings.
> 
> I know this is four years old, but the attached patch documents it.  I
> don't think postgresql-fdw needs it since it relies on user mapping and
> discourages passwords in the connection string.

A bit on the fence about it ... but I do wonder if we should encourage
use of gssapi and credential delegation now that we support that and
point out that storing passwords isn't required if you're using gssapi.

Thanks,

Stephen

> diff --git a/doc/src/sgml/ref/create_user_mapping.sgml 
> b/doc/src/sgml/ref/create_user_mapping.sgml
> index 55debd5401..e93bfe48f6 100644
> --- a/doc/src/sgml/ref/create_user_mapping.sgml
> +++ b/doc/src/sgml/ref/create_user_mapping.sgml
> @@ -92,7 +92,11 @@ CREATE USER MAPPING [ IF NOT EXISTS ] FOR {  class="parameter">user_
>This clause specifies the options of the user mapping.  The
>options typically define the actual user name and password of
>the mapping.  Option names must be unique.  The allowed option
> -  names and values are specific to the server's foreign-data wrapper.
> +  names and values are specific to the server's foreign-data
> +  wrapper.  Option values, including passwords, are visible in the
> +   +  
> linkend="catalog-pg-user-mapping">pg_user_mapping
> +  system view.
>   
>  
> 
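Review bot: The link target in the added lines is linkend="catalog-pg-user-mapping" with the text pg_user_mapping, yet the next line calls it a "system view". pg_user_mapping is the system catalog; the view is pg_user_mappings, which is the name the original comment used. Either link to the view and use its name, or change "system view" to "system catalog" so the name, the link and the noun agree.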





Re: User mapping security

2023-11-09 Thread Tom Lane
Bruce Momjian  writes:
> On Tue, Jul 16, 2019 at 02:01:00AM +, PG Doc comments form wrote:
>> I suppose it should be warned on the pages that foreign credentials will be
>> stored as simple text and will be available for viewing in pg_user_mappings.

> I know this is four years old, but the attached patch documents it.  I
> don't think postgresql-fdw needs it since it relies on user mapping and
> discourages passwords in the connection string.

This is far too alarmist.  It ignores the privilege restrictions that
are built into the pg_user_mappings view.  Random users can't see
umoptions.

regards, tom lane




Re: User mapping security

2023-11-09 Thread Bruce Momjian
On Thu, Nov  9, 2023 at 05:03:33PM -0500, Tom Lane wrote:
> Bruce Momjian  writes:
> > On Tue, Jul 16, 2019 at 02:01:00AM +, PG Doc comments form wrote:
> >> I suppose it should be warned on the pages that foreign credentials will be
> >> stored as simple text and will be available for viewing in 
> >> pg_user_mappings.
> 
> > I know this is four years old, but the attached patch documents it.  I
> > don't think postgresql-fdw needs it since it relies on user mapping and
> > discourages passwords in the connection string.
> 
> This is far too alarmist.  It ignores the privilege restrictions that
> are built into the pg_user_mappings view.  Random users can't see
> umoptions.

True.  I wasn't sure how much of an issue it was to expose passwords at
the SQL level, but I will drop the idea.

-- 
  Bruce Momjian  https://momjian.us
  EDB  https://enterprisedb.com

  Only you can decide what is important to you.
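
The two points made in this thread (passwords are stored as plain option values, and the pg_user_mappings view hides umoptions from unrelated roles) can be checked together. The following is an added example, not part of the thread or of the PostgreSQL documentation; it assumes a superuser session in a scratch database with the postgres_fdw extension installed, and every object name and option value in it is constructed.

```sql
-- Constructed demo objects; all names and option values are hypothetical.
-- Run as a superuser in a scratch database with postgres_fdw available.
BEGIN;
CREATE EXTENSION IF NOT EXISTS postgres_fdw;
CREATE ROLE demo_app NOLOGIN;
CREATE ROLE demo_other NOLOGIN;
CREATE SERVER demo_remote FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'remote.example.invalid', dbname 'demo');
CREATE USER MAPPING FOR demo_app SERVER demo_remote
    OPTIONS (user 'remote_user', password 'constructed-placeholder');

-- 1. Superuser audit: every mapping that stores a password option.
--    umoptions is text[] of 'keyword=value'; umuser = 0 means PUBLIC.
--    Only names are returned, never the stored value.
SELECT s.srvname                     AS foreign_server,
       w.fdwname                     AS wrapper,
       COALESCE(r.rolname, 'PUBLIC') AS mapped_role,
       o.rolname                     AS server_owner
FROM pg_user_mapping m
JOIN pg_foreign_server s       ON s.oid = m.umserver
JOIN pg_foreign_data_wrapper w ON w.oid = s.srvfdw
JOIN pg_roles o                ON o.oid = s.srvowner
LEFT JOIN pg_roles r           ON r.oid = m.umuser
WHERE EXISTS (SELECT 1 FROM unnest(m.umoptions) AS opt
              WHERE opt LIKE 'password=%');

-- 2. Same mapping through the view as an unrelated role:
--    the row is listed, but umoptions reads as NULL.
SET LOCAL ROLE demo_other;
SELECT srvname, usename, umoptions IS NULL AS options_hidden
FROM pg_user_mappings
WHERE srvname = 'demo_remote';
RESET ROLE;

ROLLBACK;  -- discard the demo objects
```

The first query is the one to keep for periodic review: each row it returns is a stored credential that could be replaced by a non-password method such as the GSSAPI delegation mentioned earlier in the thread.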




Re: WAL Configuration Grammar Fix

2023-11-09 Thread Bruce Momjian
On Fri, Mar  8, 2019 at 10:39:16PM +, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
> 
> Page: https://www.postgresql.org/docs/11/wal-configuration.html
> Description:
> 
> On the WAL Configuration page -
> https://www.postgresql.org/docs/current/wal-configuration.html
> It reads: "On Linux and POSIX platforms checkpoint_flush_after allows to
> force the OS that pages written by the checkpoint should be flushed to disk
> after a configurable number of bytes."
> 
> I believe a "you" is missing. I also suggest a more clear sentence
> construction might be:
> "On Linux and POSIX platforms you can use checkpoint_flush_after to set a
> configurable number of bytes after which the OS will be forced to flush to
> disk the pages written by the checkpoint."

This patch is 4.5 years old, but still valid.  Fixed with the attached
patch applied to master.

-- 
  Bruce Momjian  https://momjian.us
  EDB  https://enterprisedb.com

  Only you can decide what is important to you.
diff --git a/doc/src/sgml/wal.sgml b/doc/src/sgml/wal.sgml
index 4aad0e1a07..184404c6c5 100644
--- a/doc/src/sgml/wal.sgml
+++ b/doc/src/sgml/wal.sgml
@@ -602,7 +602,7 @@
 
   
On Linux and POSIX platforms 
-   allows to force the OS that pages written by the checkpoint should be
+   allows you to force OS pages written by the checkpoint to be
flushed to disk after a configurable number of bytes.  Otherwise, these
pages may be kept in the OS's page cache, inducing a stall when
fsync is issued at the end of a checkpoint.  This setting will
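Review bot: In the replacement line, "force OS pages written by the checkpoint to be flushed" turns "OS pages" into a noun phrase, so the sentence no longer says that it is the OS being forced, which is what the old wording and the reporter's suggested sentence both meant. Suggest "allows you to force the OS to flush pages written by the checkpoint to disk after a configurable number of bytes", which also keeps the following "in the OS's page cache" sentence unambiguous.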


Re: Typo in documentation - runtime-config-wal

2023-11-09 Thread Bruce Momjian
On Fri, Feb 15, 2019 at 07:51:31PM +, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
> 
> Page: https://www.postgresql.org/docs/10/runtime-config-wal.html
> Description:
> 
> This page: https://www.postgresql.org/docs/10/runtime-config-wal.html
> (And probably others in other versions) has – I believe – an error in the
> description for "wal_writer_delay".
> 
> It says "woken up by an asynchronously committing transaction". I suspect
> that should read "synchronously".

Uh, is this correction accurate?  It seems so to me.

After flushing WAL the writer sleeps for the length of time given
by wal_writer_delay, unless woken up sooner
--> by an asynchronously committing transaction.

-- 
  Bruce Momjian  https://momjian.us
  EDB  https://enterprisedb.com

  Only you can decide what is important to you.