| From: | Bryn Llewellyn <bryn(at)yugabyte(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Neeraj M R <neerajmr12219(at)gmail(dot)com>, Tom Lane PostgreSQL <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Restricting user to see schema structure |
| Date: | 2022-05-18 01:47:13 |
| Message-ID: | EC97579C-50A9-4CD4-AD71-CB06C1E24AE8@yugabyte.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> adrian(dot)klaver(at)aklaver(dot)com wrote:
>
>> bryn(at)yugabyte(dot)com wrote:
>>
>> The paragraph describes very surprising behavior in the present era of "secure by default". The sentence "For maximum security..." at the end emphasizes this and has you go to some effort (CREATE and REVOKE in the same txn) to undo the "insecurity by default" paradigm. I s'pose that compatibility on upgrade means that nothing can change here.
>
> There is movement on this front coming in Postgres 15:
>
> https://www.postgresql.org/docs/devel/release-15.html
Do you mean that, for example, "create database x" will no longer imply "grant connect on database x to public" and "create function f()" will no longer imply "grant execute on function f() to public"? That would be good. But I can't find wording to that effect on the page.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2022-05-18 01:50:11 | Re: Restricting user to see schema structure |
| Previous Message | Adrian Klaver | 2022-05-18 00:28:44 | Re: Restricting user to see schema structure |