From: | Peter Fein <pfein(at)pobox(dot)com> |
---|---|
To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: No PUBLIC access by default? |
Date: | 2005-08-12 14:31:32 |
Message-ID: | 42FCB2C4.3050008@pobox.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Martijn van Oosterhout wrote:
> On Fri, Aug 12, 2005 at 08:34:23AM -0500, Peter Fein wrote:
>
>>Ok. ;) A little further investigation revealed that template0 gives the
>>same result. It's potentially confusing that template0 is initialized
>>this way - I couldn't find any indication of such in the manual. In
>>fact, from CREATE DATABASE:
>>
>>In particular, by writing TEMPLATE template0, you can create a virgin
>>database containing only the standard objects predefined by your version
>>of PostgreSQL.
>
>
> It's mentioned in:
>
> http://www.postgresql.org/docs/8.0/static/ddl-schemas.html#DDL-SCHEMAS-PRIV
>
> The public schema is setup so anyone can access it, that's why it's
> called public.
Ack, ok. Thanks for the link.
>
>>I guess I'm just surprised that template0 would have *any* ACLs set
>>(aside from those needed by system catalogs, etc.). It seems to be
>>favoring convenience by default instead of security by default.
>
>
> The purpose of blocking access to public by default would be... If you
> don't want people to access the database, don't let them login.
Forcing admins to specify who has access? Anyway, I'm persuaded. I've
been thinking of the public schema as the place where all my
application-level data & functionality will live, with separate schemas
for more generic functionality - think packages/modules in the software
world. My DB backends a webapp & I'm worried about SQL injection & the
like. Revoking all access from PUBLIC obviously doesn't solve that
problem, but it limits the scope of potential damage.
> Seems akin to removing all permissions from the home directory of a new
> user so not even they can access it. Sure it's secure, but not terribly
> useful.
I think it's more like chmod 640...
Thanks all for the help.
--
Peter Fein pfein(at)pobox(dot)com 773-575-0694
Basically, if you're not a utopianist, you're a schmuck. -J. Feldman
From | Date | Subject | |
---|---|---|---|
Next Message | Frodo Larik | 2005-08-12 14:34:27 | Re: Access NEW and OLD from function called by a rule |
Previous Message | Tom Lane | 2005-08-12 14:26:15 | Re: vacuum error "left link changed unexpectedly" |