From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "'Hu, Patricia *EXTERN*'" <Patricia(dot)Hu(at)finra(dot)org>, "pgsql general (pgsql-general(at)postgresql(dot)org)" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: What is the best thing to do with PUBLIC schema in Postgresql database |
Date: | 2016-11-07 11:00:34 |
Message-ID: | A737B7A37273E048B164557ADEF4A58B53978935@ntex2010i.host.magwien.gv.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Patricia Hu wrote:
> Since it could potentially be a security loop hole. So far the action taken to address it falls into
> these two categories:
>
> drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that
> have been exposed through PUBLIC schema previously, now they will need other explicit grants to be
> accessible to users. e.g pg_stat_statements.
> keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity
> comes up.
>
> Any feedback and lessons from those who have implemented this?
I'd prefer the second approach as it is less invasive and prevents
undesirable objects in schema "public" just as well.
> Confidentiality Notice:: This email, including attachments, may include non-public, proprietary,
> confidential or legally privileged information. If you are not an intended recipient or an authorized
> agent of an intended recipient, you are hereby notified that any dissemination, distribution or
> copying of the information contained in or transmitted with this e-mail is unauthorized and strictly
> prohibited.
You are hereby notified that any dissemination, distribution or copying of the information
contained in or transmitted with your e-mail is hunky-dory.
Yours,
Laurenz Albe
From | Date | Subject | |
---|---|---|---|
Next Message | amul sul | 2016-11-07 12:14:22 | Re: checkpoint_timout with no WAL activity |
Previous Message | Tom DalPozzo | 2016-11-07 10:50:27 | checkpoint_timout with no WAL activity |