Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default - Mailing list pgsql-general

From David G. Johnston
Subject Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default
Date
Msg-id CAKFQuwYF5Li2M9xW6iH3piv7DhwPO4rff+YnNTWfXkf64WDHuw@mail.gmail.com
Whole thread Raw
In response to Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default  (Olegs Jeremejevs <olegs@jeremejevs.com>)
Responses Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default
List pgsql-general
On Saturday, February 17, 2018, Olegs Jeremejevs <olegs@jeremejevs.com> wrote:
Thanks for the reply.

I'm not sure whether you are really being limited/forced here or if you are thinking that having CREATE and USAGE on a schema is more powerful than it is...

As far as I know, having these permissions has a DoS potential, though, admittedly, negligible, if the rest of the database is secured properly. Just wanted to play safe and revoke them.

To an extent it is possible to DoS so long as you have a session and access to pg_catalog.  Having create and usage on public doesn't meaningfully (if at all) expand the risk surface area.  Default also provides for creating temporary tables.

David J.

pgsql-general by date:

Previous
From: Olegs Jeremejevs
Date:
Subject: Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default
Next
From: Olegs Jeremejevs
Date:
Subject: Re: Rationale for PUBLIC having CREATE and USAGE privileges on theschema "public" by default