Okay, in other words, there's no way to completely defend oneself from DoS attacks which require having a session? If so, is there a scenario where some bad actor can create a new user for themselves (to connect to the database with), and not be able to do anything more damaging than that? For example, if I can do an SQL injection, then I can do something more clever than running a CREATE ROLE. And if not, then there's no point in worrying about privileges in a single-tenant database? Beyond human error safeguards.
Olegs On Sat, Feb 17, 2018 at 10:08 PM, David G. Johnston < david.g.johns...@gmail.com> wrote: > On Saturday, February 17, 2018, Olegs Jeremejevs <ol...@jeremejevs.com> > wrote: > >> Thanks for the reply. >> >> > I'm not sure whether you are really being limited/forced here or if >> you are thinking that having CREATE and USAGE on a schema is more powerful >> than it is... >> >> As far as I know, having these permissions has a DoS potential, though, >> admittedly, negligible, if the rest of the database is secured properly. >> Just wanted to play safe and revoke them. >> > > To an extent it is possible to DoS so long as you have a session and > access to pg_catalog. Having create and usage on public doesn't > meaningfully (if at all) expand the risk surface area. Default also > provides for creating temporary tables. > > David J. >
