Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers

From Noah Misch
Subject Re: First draft of the PG 15 release notes
Date
Msg-id 20220706024557.GD2648447@rfd.leadboat.com
Whole thread Raw
In response to Re: First draft of the PG 15 release notes  (Bruce Momjian <bruce@momjian.us>)
Responses Re: First draft of the PG 15 release notes
List pgsql-hackers
On Tue, Jul 05, 2022 at 07:47:52PM -0400, Bruce Momjian wrote:
> On Tue, Jul  5, 2022 at 02:57:52PM -0700, Noah Misch wrote:
> > Since having too-permissive ACLs is usually symptom-free, I share your
> > forecast about the more-common question.  Expect questions on mailing lists,
> > stackoverflow, etc.  The right way to answer those questions is roughly this:
> > 
> >     > On PostgreSQL 15, my application gets "permission denied for schema
> >     > public".  What should I do?
> > 
> >     You have a choice to make.  The best selection depends on the security
> >     needs of your database.  See
> >     https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> >     for a guide to making that choice.
> > 
> > Recommending GRANT to that two-sentence question would be negligent.  One
> > should know a database's lack of security needs before recommending GRANT.
> > This is a key opportunity to have more users make the right decision while
> > their attention is on the topic.
> 
> Yes, I think it is a question of practicality vs. desirability.  We are
> basically telling people they have to do research to get the old
> behavior in their new databases and clusters.

True.  I want to maximize the experience for different classes of database:

1. Databases needing user isolation and unknowingly not getting it.
2. Databases not needing user isolation, e.g. automated test environments.

Expecting all of these DBAs to read a 500-word doc section is failure-prone.
For the benefit of (2), I'm now thinking about adding a release note sentence,
"For a new database having zero need to defend against insider threats,
granting back the privilege yields the PostgreSQL 14 behavior."



pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: Issue with pg_stat_subscription_stats
Next
From: "osumi.takamichi@fujitsu.com"
Date:
Subject: RE: Re-order "disable_on_error" in tab-complete COMPLETE_WITH