Home > mailing lists

Re: Restricting user to see schema structure - Mailing list pgsql-general

From	Bryn Llewellyn
Subject	Re: Restricting user to see schema structure
Date	May 18, 2022 04:47:13
Msg-id	EC97579C-50A9-4CD4-AD71-CB06C1E24AE8@yugabyte.com Whole thread Raw
In response to	Re: Restricting user to see schema structure (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses	Re: Restricting user to see schema structure
List	pgsql-general

Tree view

adrian.klaver@aklaver.com wrote:

bryn@yugabyte.com wrote:

The paragraph describes very surprising behavior in the present era of "secure by default". The sentence "For maximum security..." at the end emphasizes this and has you go to some effort (CREATE and REVOKE in the same txn) to undo the "insecurity by default" paradigm. I s'pose that compatibility on upgrade means that nothing can change here.

There is movement on this front coming in Postgres 15:

https://www.postgresql.org/docs/devel/release-15.html

Do you mean that, for example, "create database x" will no longer imply "grant connect on database x to public" and "create function f()" will no longer imply "grant execute on function f() to public"? That would be good. But I can't find wording to that effect on the page.

pgsql-general by date:

From: Adrian Klaver
Date: 18 May 2022, 03:28:44
Subject: Re: Restricting user to see schema structure

From: "David G. Johnston"
Date: 18 May 2022, 04:50:11
Subject: Re: Restricting user to see schema structure

Re: Restricting user to see schema structure - Mailing list pgsql-general

Previous

Next