Plain-text password #18

Closed
bricklen opened this issue Apr 10, 2017 · 3 comments

@bricklen

In https://github.com/timescale/timescaledb/blob/master/sql/common/tables.sql there is a comment on the _timescaledb_catalog.cluster_user table.

CREATE TABLE IF NOT EXISTS _timescaledb_catalog.cluster_user (
    username TEXT NOT NULL PRIMARY KEY,
    password TEXT NULL --not any more of a security hole than usual since stored in  pg_user_mapping anyway
);

That comment is only partially accurate. The pg_catalog.pg_user_mapping table is viewable only by superusers, whereas the cluster_user table appears to be viewable by non-superusers.
Are there plans to restrict access to that table, or more specifically, to the password column?

@cevian
Contributor

cevian commented Apr 11, 2017

Yes, we plan to lock down these tables in the future. The clustering stuff in general is subject to a lot of flux for now. (We are concentrating only on single-node at the moment; clustering is not supported officially yet.) In single-node use this table does not need to be populated.
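An added example, not part of this thread and not TimescaleDB's own code: one way to check for the exposure raised above and restrict the password column in PostgreSQL. The `demo_catalog` schema and `demo_app` role are hypothetical, and the session is assumed to run as a role allowed to create roles.

```sql
-- Constructed demo: schema, table copy and role are hypothetical stand-ins.
BEGIN;

CREATE SCHEMA demo_catalog;
CREATE TABLE demo_catalog.cluster_user (
    username TEXT NOT NULL PRIMARY KEY,
    password TEXT NULL
);
CREATE ROLE demo_app NOLOGIN;  -- an ordinary, non-superuser role

-- Reproduce the situation the issue describes: any role can read the table.
GRANT USAGE ON SCHEMA demo_catalog TO PUBLIC;
GRANT SELECT ON demo_catalog.cluster_user TO PUBLIC;

-- Check: does the non-superuser hold SELECT on the password column?
-- has_column_privilege() also counts a table-level grant.
SELECT has_column_privilege('demo_app', 'demo_catalog.cluster_user',
                            'password', 'SELECT') AS can_read_password;

-- Lock down. Revoking only the column would change nothing while the
-- table-level grant remains, so drop the table-level grant first and
-- then grant back just the non-secret column.
REVOKE ALL ON demo_catalog.cluster_user FROM PUBLIC;
GRANT SELECT (username) ON demo_catalog.cluster_user TO demo_app;

-- Re-check both columns for the non-superuser.
SELECT has_column_privilege('demo_app', 'demo_catalog.cluster_user',
                            'username', 'SELECT') AS can_read_username,
       has_column_privilege('demo_app', 'demo_catalog.cluster_user',
                            'password', 'SELECT') AS can_read_password;

-- Audit view of what is granted on the table, per column and grantee.
SELECT grantee, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'demo_catalog'
  AND table_name = 'cluster_user'
ORDER BY grantee, column_name;

ROLLBACK;  -- leave no demo objects behind
```

Column privileges limit who can read the column; the value in the table is still plain text for the owner, superusers and anything that reads backups or dumps.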

@bricklen
Author

Sounds good. Thanks for clarifying.
I have a couple PRs up, but the only important one is #17. I understand the code is in flux (it's beta after all), so no worries if you want to decline or modify the changes.
Cheers!

@cevian
Contributor

cevian commented Apr 11, 2017

Yeah, we are trying to finish up the contributor agreement and external PR approach. But we really appreciate all the PRs! We'll respond to them shortly.

Thanks,
Mat
