Re: What is the best thing to do with PUBLIC schema in Postgresql database
| От | Albe Laurenz |
|---|---|
| Тема | Re: What is the best thing to do with PUBLIC schema in Postgresql database |
| Дата | |
| Msg-id | A737B7A37273E048B164557ADEF4A58B53978935@ntex2010i.host.magwien.gv.at обсуждение исходный текст |
| Ответ на | What is the best thing to do with PUBLIC schema in Postgresql database ("Hu, Patricia" <Patricia.Hu@finra.org>) |
| Список | pgsql-general |
Patricia Hu wrote: > Since it could potentially be a security loop hole. So far the action taken to address it falls into > these two categories: > > drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that > have been exposed through PUBLIC schema previously, now they will need other explicit grants to be > accessible to users. e.g pg_stat_statements. > keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity > comes up. > > Any feedback and lessons from those who have implemented this? I'd prefer the second approach as it is less invasive and prevents undesirable objects in schema "public" just as well. > Confidentiality Notice:: This email, including attachments, may include non-public, proprietary, > confidential or legally privileged information. If you are not an intended recipient or an authorized > agent of an intended recipient, you are hereby notified that any dissemination, distribution or > copying of the information contained in or transmitted with this e-mail is unauthorized and strictly > prohibited. You are hereby notified that any dissemination, distribution or copying of the information contained in or transmitted with your e-mail is hunky-dory. Yours, Laurenz Albe
В списке pgsql-general по дате отправления: