Patricia Hu wrote:
> Since it could potentially be a security loophole. So far the action taken
> to address it falls into these two categories:
>
> drop the PUBLIC schema altogether. One of the concerns is with some of
> the system objects that have been exposed through PUBLIC schema previously,
> now they will need other explicit grants to be accessible to users,
> e.g. pg_stat_statements.
>
> keep the PUBLIC schema but revoke all privileges to it from public role,
> then grant as necessity comes up.
>
> Any feedback and lessons from those who have implemented this?

I'd prefer the second approach as it is less invasive and prevents
undesirable objects in schema "public" just as well.

> Confidentiality Notice:: This email, including attachments, may include
> non-public, proprietary, confidential or legally privileged information.
> If you are not an intended recipient or an authorized agent of an intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of the information contained in or transmitted with this e-mail is
> unauthorized and strictly prohibited.

You are hereby notified that any dissemination, distribution or copying of
the information contained in or transmitted with your e-mail is hunky-dory.

Yours,
Laurenz Albe
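
The second approach from the thread (keep schema "public", revoke everything from the PUBLIC pseudo-role, grant back as needed), as an added example that is not part of the original messages. The role names `app_owner` and `app_user` are hypothetical.

```sql
-- Run as the owner of schema "public" or as a superuser, once per database.
-- Repeating it in template1 makes databases created later start locked down.
BEGIN;

-- Take CREATE and USAGE on schema "public" away from the PUBLIC pseudo-role.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Hypothetical roles: app_owner may create objects, app_user may only use them.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_user  NOLOGIN;

-- Grant back only what each role needs.
GRANT USAGE, CREATE ON SCHEMA public TO app_owner;
GRANT USAGE         ON SCHEMA public TO app_user;

COMMIT;

-- USAGE on the schema is only the precondition for reaching objects in it;
-- privileges on the individual tables, views and functions are checked
-- separately and are not changed by the statements above.

-- Audit: show what the PUBLIC pseudo-role can still do in each user schema.
-- Passing 'public' as the role name checks the PUBLIC pseudo-role.
SELECT n.nspname                                       AS schema_name,
       has_schema_privilege('public', n.oid, 'CREATE') AS public_create,
       has_schema_privilege('public', n.oid, 'USAGE')  AS public_usage
FROM   pg_namespace n
WHERE  n.nspname !~ '^pg_'
AND    n.nspname <> 'information_schema'
ORDER  BY n.nspname;
```

After the revoke, both columns should be false for schema "public"; any row that still shows true marks a schema where every login role can create or look up objects.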