Since it could potentially be a security loophole. So far the action taken to
address it falls into these two categories:

  - Drop the PUBLIC schema altogether. One of the concerns is with some of the
    system objects that were previously exposed through the PUBLIC schema; they
    will now need other explicit grants to be accessible to users, e.g.
    pg_stat_statements.
  - Keep the PUBLIC schema but revoke all privileges on it from the public
    role, then grant as the necessity comes up.

Any feedback and lessons from those who have implemented this? 


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
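Added example, not part of the original message: the two approaches described above written out as PostgreSQL statements, with a query to check the result. The role monitor (assumed to exist) and the schema monitoring are hypothetical names, and the example assumes pg_stat_statements is currently installed in schema public.

```sql
-- Added example. Hypothetical names: role monitor (assumed to exist) and
-- schema monitoring. Assumes pg_stat_statements is installed in schema public.
-- Run per database as its owner or a superuser. Apply ONE of the two options.

-- Option A: keep schema public, revoke everything from the PUBLIC role,
-- then grant back only as needs come up.
BEGIN;
REVOKE ALL ON SCHEMA public FROM PUBLIC;   -- removes both USAGE and CREATE
GRANT USAGE ON SCHEMA public TO monitor;   -- monitor can resolve pg_stat_statements again
COMMIT;

-- Option B: drop schema public, relocating what lives there first.
BEGIN;
CREATE SCHEMA monitoring;
ALTER EXTENSION pg_stat_statements SET SCHEMA monitoring;
GRANT USAGE ON SCHEMA monitoring TO monitor;
DROP SCHEMA public;   -- no CASCADE: errors out if objects remain, aborting the transaction
COMMIT;

-- Check: which non-superuser login roles can still use or create in these
-- schemas? has_schema_privilege() includes rights inherited through PUBLIC
-- and through role membership. A dropped schema simply returns no rows.
SELECT n.nspname  AS schema_name,
       r.rolname  AS role_name,
       has_schema_privilege(r.oid, n.oid, 'USAGE')  AS can_use,
       has_schema_privilege(r.oid, n.oid, 'CREATE') AS can_create
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE n.nspname IN ('public', 'monitoring')
  AND r.rolcanlogin
  AND NOT r.rolsuper
ORDER BY schema_name, role_name;
```

Schema privileges are stored per database, so either option has to be repeated in every existing database, and in template1 if newly created databases should start with the same settings.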