Commit e974f1c
oauth: Classify oauth_client_secret as a password
Tell UIs to hide the value of oauth_client_secret, like the other passwords. Due to the previous commit, this does not affect postgres_fdw and dblink, but add a comment to try to warn others of the hazard in the future.

Reported-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Discussion: https://postgr.es/m/20250415191435.55.nmisch%40google.com

1 parent d2e7d2a commit e974f1c

1 file changed, +7 -1 lines changed


‎src/interfaces/libpq/fe-connect.c

Lines changed: 7 additions & 1 deletion
@@ -158,6 +158,12 @@ static intldapServiceLookup(const char *purl, PQconninfoOption *options,
158158
*"*"Password field - hide value
159159
*"D"Debug option - don't show by default
160160
*
161+
* NB: Server-side clients -- dblink, postgres_fdw, libpqrcv -- use dispchar to
162+
* determine which options to expose to end users, and how. Changing dispchar
163+
* has compatibility and security implications for those clients. For example,
164+
* postgres_fdw will attach a "*" option to USER MAPPING instead of the default
165+
* SERVER, and it disallows setting "D" options entirely.
166+
*
161167
* PQconninfoOptions[] is a constant static array that we use to initialize
162168
* a dynamically allocated working copy. All the "val" fields in
163169
* PQconninfoOptions[] *must* be NULL. In a working copy, non-null "val"
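Review bot: The new NB paragraph in the dispchar legend explains what postgres_fdw does with "*" and "D" options but says nothing about dblink and libpqrcv, which it names in the same sentence, so someone changing a dispchar still has to work out how those two clients react. Consider adding a clause for each, or a pointer to where each client reads dispchar. The warning also sits near line 161 while the oauth_client_secret entry it was written for is near line 396; a one-line reminder next to PQconninfoOptions[] itself would put it where the edit actually happens.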
@@ -394,7 +400,7 @@ static const internalPQconninfoOption PQconninfoOptions[] = {
394400
offsetof(structpg_conn,oauth_client_id)},
395401

396402
{"oauth_client_secret",NULL,NULL,NULL,
397-
"OAuth-Client-Secret","",40,
403+
"OAuth-Client-Secret","*",40,
398404
offsetof(structpg_conn,oauth_client_secret)},
399405

400406
{"oauth_scope",NULL,NULL,NULL,
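Review bot: On the oauth_client_secret entry, the dispchar change from "" to "*" is exactly the kind of edit the comment added in this commit warns about, yet the commit message accounts only for postgres_fdw and dblink; libpqrcv is listed in that comment as a dispchar consumer and is not mentioned. Please state, in the commit message or in the comment, whether libpqrcv behaviour changes for this option. A short inline remark at the entry saying the value is a secret and must stay "*" would also help keep a later edit from reverting it.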
