From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Olegs Jeremejevs <olegs(at)jeremejevs(dot)com> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default |
Date: | 2018-02-17 20:08:14 |
Message-ID: | CAKFQuwYF5Li2M9xW6iH3piv7DhwPO4rff+YnNTWfXkf64WDHuw@mail.gmail.com |
Lists: | pgsql-general |
On Saturday, February 17, 2018, Olegs Jeremejevs <olegs(at)jeremejevs(dot)com>
wrote:
> Thanks for the reply.
>
> > I'm not sure whether you are really being limited/forced here or if you
> > are thinking that having CREATE and USAGE on a schema is more powerful than
> > it is...
>
> As far as I know, having these permissions has a DoS potential, though,
> admittedly, negligible, if the rest of the database is secured properly.
> Just wanted to play safe and revoke them.
>
To an extent it is possible to DoS so long as you have a session and access
to pg_catalog. Having create and usage on public doesn't meaningfully (if
at all) expand the risk surface area. Default also provides for creating
temporary tables.
David J.