Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: First draft of the PG 15 release notes
Date
Msg-id Ys3BqwfxDAwCDjES@momjian.us
Whole thread Raw
In response to Re: First draft of the PG 15 release notes  (Noah Misch <noah@leadboat.com>)
Responses Re: First draft of the PG 15 release notes
Re: First draft of the PG 15 release notes
List pgsql-hackers
On Mon, Jul 11, 2022 at 11:31:32PM -0700, Noah Misch wrote:
> On Mon, Jul 11, 2022 at 12:39:57PM -0400, Bruce Momjian wrote:
> > I had trouble reading the sentences in the order you used so I
> > restructured it:
> > 
> >     The new default is one of the secure schema usage patterns that <xref
> >     linkend="ddl-schemas-patterns"/> has recommended since the security
> >     release for CVE-2018-1058.  The change applies to newly-created
> >     databases in existing clusters and for new clusters.  Upgrading a
> >     cluster or restoring a database dump will preserve existing permissions.
> 
> I agree with the sentence order change.

Great.

> >     For existing databases, especially those having multiple users, consider
> >     issuing <literal>REVOKE</literal> to adopt this new default.  For new
> >     databases having zero need to defend against insider threats, granting
> >     <literal>USAGE</literal> permission on their <literal>public</literal>
> >     schemas will yield the behavior of prior releases.
> 
> s/USAGE/CREATE/ in the last sentence.  Looks good with that change.

Ah, yes, of course.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson




pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: Transparent column encryption
Next
From: Peter Eisentraut
Date:
Subject: Re: System catalog documentation chapter