Re: public schema default ACL
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Stephen Frost <sfrost@snowman.net>, Noah Misch <noah@leadboat.com>,
Robert Haas <robertmhaas@gmail.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2018-03-07T14:44:50Z
Lists: pgsql-hackers
Alvaro Herrera <alvherre@alvh.no-ip.org> writes: > Now, maybe the idea of creating it as soon as a connection is > established is not great. What about creating it only when the first > object creation is attempted and there is no other schema to create in? > This avoid pointless proliferation of empty user schemas, as well as > avoid the overhead of checking existence of schem $user on each > connection. Hmm. On first glance that sounds bizarre, but we do something pretty similar for the pg_temp schemas, so it could likely be made to work. One issue to think about is exactly which $user we intend to make the schema for, if we've executed SET SESSION AUTHORIZATION, or are inside a SECURITY DEFINER function, etc etc. I'd argue that only the original connection username should get this treatment, which may mean that object creation can fail in those contexts. regards, tom lane
Commits
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 landed
-
Document security implications of search_path and the public schema.
- 5770172cb0c9 11.0 cited