From: | David Steele <david(at)pgmasters(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: What is the best thing to do with PUBLIC schema in Postgresql database |
Date: | 2016-11-04 16:54:58 |
Message-ID: | 9b426224-ca80-8803-bcf2-dfd940e21c0d@pgmasters.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 11/4/16 3:58 PM, Hu, Patricia wrote:
> Since it could potentially be a security loop hole. So far the action taken to address it falls into these two categories:
>
> drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that have been exposed through PUBLIC schema previously, now they will need other explicit grants to be accessible to users. e.g pg_stat_statements.
> keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity comes up.
>
> Any feedback and lessons from those who have implemented this?
I always drop the public schema as the first step of any build and have
never seen any ill effects.
Nothing is exposed by default in the public schema unless you install
extensions into it.
--
-David
david(at)pgmasters(dot)net
From | Date | Subject | |
---|---|---|---|
Next Message | Dmitry Karasik | 2016-11-04 17:41:27 | Re: replication setup: advice needed |
Previous Message | Alban Hertroys | 2016-11-04 15:24:38 | Re: Recover from corrupted database due to failing disk |