Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas
| От | Tom Lane |
|---|---|
| Тема | Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas |
| Дата | |
| Msg-id | 1563756.1669904683@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas (Alvaro Herrera <alvherre@alvh.no-ip.org>) |
| Список | pgsql-hackers |
Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> On 2022-Dec-01, Noah Misch wrote:
>> This is free from the problem found in ddl-create-public-reorg-really.patch.
>> However, the word "other" doesn't belong there. (The per-user schemas should
>> not have public CREATE privilege.) I would also move that same sentence up
>> front, like this:
>>
>> Constrain ordinary users to user-private schemas. To implement this
>> pattern, first ensure that no schemas have public CREATE privileges.
>> Then, for every user needing to create non-temporary objects, create a
>> schema with the same name as that user. (Recall that the default search
>> path starts with $user, which resolves to the user name. Therefore, if
>> each user has a separate schema, they access their own schemas by
>> default.) This pattern is a secure schema usage pattern unless an
>> untrusted user is the database owner or holds the CREATEROLE privilege, in
>> which case no secure schema usage pattern exists.
> +1 LGTM
Sounds good. I'll make it so in a bit.
regards, tom lane
В списке pgsql-hackers по дате отправления: