| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | emad al-mousa <emadalmousa2002(at)yahoo(dot)com> |
| Cc: | PostgreSQL Bug List <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: DoS Vulnerability |
| Date: | 2024-05-14 17:28:06 |
| Message-ID: | CAKFQuwYnfsEKL1=M+LROeXTRRTC7EpLhyNP3ekizOHiiwq7GiA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, May 14, 2024, 10:12 emad al-mousa <emadalmousa2002(at)yahoo(dot)com> wrote:
>
> keeping connect permission by default granted to PUBLIC in PostgreSQL is
> opening a wide security hole that shouldn't exist in the first.
>
This isn't a bug nor a security issue, but I do concur that we should
remove these defaults. We've successfully (without being questioned why by
users) done both public schema and createrole attribute changes in the past
couple of years and this seems like a natural progression of secure
defaults.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-05-14 19:35:37 | Re: BUG #18463: Possible bug in stored procedures with polymorphic OUT parameters |
| Previous Message | Tom Lane | 2024-05-14 17:00:26 | Re: BUG #18463: Possible bug in stored procedures with polymorphic OUT parameters |