Home > mailing lists

Re: Restricting user to see schema structure - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Restricting user to see schema structure
Date	May 18, 2022 04:50:11
Msg-id	CAKFQuwb-2mGYvwJn2yA_ygEbYk=uaV4w4BNi-bMotaiPNGww_A@mail.gmail.com Whole thread Raw
In response to	Re: Restricting user to see schema structure (Bryn Llewellyn <bryn@yugabyte.com>)
List	pgsql-general

Tree view

On Tue, May 17, 2022 at 6:47 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:

adrian.klaver@aklaver.com wrote:

bryn@yugabyte.com wrote:

The paragraph describes very surprising behavior in the present era of "secure by default". The sentence "For maximum security..." at the end emphasizes this and has you go to some effort (CREATE and REVOKE in the same txn) to undo the "insecurity by default" paradigm. I s'pose that compatibility on upgrade means that nothing can change here.

There is movement on this front coming in Postgres 15:

https://www.postgresql.org/docs/devel/release-15.html

Do you mean that, for example, "create database x" will no longer imply "grant connect on database x to public" and "create function f()" will no longer imply "grant execute on function f() to public"? That would be good. But I can't find wording to that effect on the page.

No, the changes are to the defaults for the public schema - which makes actually removing it from the database post-creation less necessary.

David J.

pgsql-general by date:

From: Bryn Llewellyn
Date: 18 May 2022, 04:47:13
Subject: Re: Restricting user to see schema structure

From: Dominique Devienne
Date: 18 May 2022, 13:07:47
Subject: Who am I? Where am I connected?

Re: Restricting user to see schema structure - Mailing list pgsql-general

Previous

Next