Re: public schema default ACL
Noah Misch <noah@leadboat.com>
From: Noah Misch <noah@leadboat.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "David G. Johnston" <david.g.johnston@gmail.com>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Stephen Frost <sfrost@snowman.net>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2018-03-24T02:47:39Z
Lists: pgsql-hackers
On Thu, Mar 08, 2018 at 11:14:59PM -0800, Noah Misch wrote: > On Thu, Mar 08, 2018 at 02:00:23PM -0500, Robert Haas wrote: > > I also wonder why we're all convinced that this urgently needs to be > > changed. I agree that the default configuration we ship is not the > > most secure configuration that we could ship. However, I think it's a > > big step from saying that the configuration is not as secure as it > > could be to saying that we absolutely must change it for v11. > > Did someone say that? I, for one, wanted to change it but didn't intend to > present it as a "must change". In light of the mixed reception, I am withdrawing this proposal.
Commits
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 landed
-
Document security implications of search_path and the public schema.
- 5770172cb0c9 11.0 cited