On 12/23/24 11:26 AM, Bharani SV-forum wrote:
Team
I am in the process of upgrading EC2-PGS ver 13.X to 15.X
I am aware since ver 14.X, we have restriction in the usage of
schema=public and the DBA need to grant exclusive priv for the tagged db
user's.
Are you referring to this?:
https://www.postgresql.org/docs/15/release-15.html
"Remove PUBLIC creation permission on the public schema (Noah Misch) §
The new default is one of the secure schema usage patterns that Section
5.9.6 has recommended since the security release for CVE-2018-1058. The
change applies to new database clusters and to newly-created databases
in existing clusters. Upgrading a cluster or restoring a database dump
will preserve public's existing permissions.
For existing databases, especially those having multiple users, consider
revoking CREATE permission on the public schema to adopt this new
default. For new databases having no need to defend against insider
threats, granting CREATE permission will yield the behavior of prior
releases.
"
Assume i want to enforce it,
Can i retag all the object tables/indexex/packages/procedures/functions
etc tagged under schema =public to a newly created schema e.g =
*schemaname = allowallusr *and grant respective priv's.
Whether it will resolve the issue, as application time need time to
validated all the use case for testing the objects which is present
under schema=public and ported to new schema= allowallusr .
Any suggestions or best practise
--
Adrian Klaver
adrian.kla...@aklaver.com
