Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: First draft of the PG 15 release notes
Date
Msg-id YsTNqC5QO2666i+G@momjian.us
Whole thread Raw
In response to Re: First draft of the PG 15 release notes  (Noah Misch <noah@leadboat.com>)
Responses Re: First draft of the PG 15 release notes
List pgsql-hackers
On Tue, Jul  5, 2022 at 02:57:52PM -0700, Noah Misch wrote:
> Since having too-permissive ACLs is usually symptom-free, I share your
> forecast about the more-common question.  Expect questions on mailing lists,
> stackoverflow, etc.  The right way to answer those questions is roughly this:
> 
>     > On PostgreSQL 15, my application gets "permission denied for schema
>     > public".  What should I do?
> 
>     You have a choice to make.  The best selection depends on the security
>     needs of your database.  See
>     https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
>     for a guide to making that choice.
> 
> Recommending GRANT to that two-sentence question would be negligent.  One
> should know a database's lack of security needs before recommending GRANT.
> This is a key opportunity to have more users make the right decision while
> their attention is on the topic.

Yes, I think it is a question of practicality vs. desirability.  We are
basically telling people they have to do research to get the old
behavior in their new databases and clusters.

> > My only stylistic suggestion would be to remove "a" from "a
> > <literal>REVOKE</literal>".
> 
> I'll plan to push with that change.

WFM.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson




pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: should check interrupts in BuildRelationExtStatistics ?
Next
From: Michael Paquier
Date:
Subject: Re: should check interrupts in BuildRelationExtStatistics ?