TechQA.

How to audit superuser access to the pg_user_mappings in postgresql

43 views Asked by At

We are planning to use the foreign data wrapper feature in PostgreSQL. As part of the foreign data wrapper configuration, a user mapping has to be created. The problem is the password of the remote user is stored in clear text and is retrievable by selecting from the gp_user_mappings system view

Both the local mapped user and the superuser can see the password in clear text. So, we want to audit any select statement by the superuser to this view. Is this possible?

Note: pgPass file is not an option

postgresql audit audit-logging foreign-data-wrapper
Original Q&A
1

There are 1 answers

0
Laurenz Albe On

You cannot audit the actions of a superuser in a way that the superuser cannot tamper with.

If you are security conscious, the best solution is the one you exclude: don't use a password and set password_required to off. That does not mean that you have to use a password file: you could for example use certificate authentication.

If you have no control over the database server, then security seems to be a secondary concern. In that case, you could use trust authentication.

Related Questions in POSTGRESQL

Related Questions in AUDIT

Related Questions in AUDIT-LOGGING

Related Questions in FOREIGN-DATA-WRAPPER

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions