Home > mailing lists

Re: What is the best thing to do with PUBLIC schema in Postgresql database - Mailing list pgsql-general

From	David Steele
Subject	Re: What is the best thing to do with PUBLIC schema in Postgresql database
Date	November 4, 2016 19:55:09
Msg-id	9b426224-ca80-8803-bcf2-dfd940e21c0d@pgmasters.net Whole thread Raw
In response to	What is the best thing to do with PUBLIC schema in Postgresql database ("Hu, Patricia" <Patricia.Hu@finra.org>)
List	pgsql-general

Tree view

On 11/4/16 3:58 PM, Hu, Patricia wrote:
> Since it could potentially be a security loop hole. So far the action taken to address it falls into these two
categories:
>
>     drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that have been exposed
throughPUBLIC schema previously, now they will need other explicit grants to be accessible to users. e.g
pg_stat_statements.
>     keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity comes up.
>
> Any feedback and lessons from those who have implemented this?

I always drop the public schema as the first step of any build and have
never seen any ill effects.

Nothing is exposed by default in the public schema unless you install
extensions into it.

--
-David
david@pgmasters.net

pgsql-general by date:

From: Alban Hertroys
Date: 04 November 2016, 18:24:44
Subject: Re: Recover from corrupted database due to failing disk

From: Dmitry Karasik
Date: 04 November 2016, 20:41:43
Subject: Re: replication setup: advice needed

Re: What is the best thing to do with PUBLIC schema in Postgresql database - Mailing list pgsql-general

Previous

Next