Bruce Momjian <bruce@momjian.us> writes:
> On Tue, Jul 16, 2019 at 02:01:00AM +0000, PG Doc comments form wrote:
>> I suppose it should be warned on the pages that foreign credentials with be
>> stored as simple text and will be available for viewing in pg_user_mappings.
> I know this is four years old, but the attached patch documents it. I
> don't think postgresql-fdw needs it since it relies on user mapping and
> discourages passwords in the connection string.
This is far too alarmist. It ignores the privilege restrictions that
are built into the pg_user_mappings view. Random users can't see
umoptions.
regards, tom lane