Erratum : The main problem with the public schéma is the default privileges (*create*) granted to all users able to connect.
Le lun. 23 avr. 2018 à 21:16, Thomas Poty <thomas.p...@gmail.com> a écrit : > Hi charlin, > I invite you to read this doc it explains very well the security issue > with the public schéma : > https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path > > The main problem with the public schéma is the default privileges > (execute) granted to all users able to connect. > > Personally, each time i create a database, i remove the public schema > > Regards > Thomas > > Le lun. 23 avr. 2018 à 17:00, Charlin Barak <charlinba...@gmail.com> a > écrit : > >> Hi, >> We will be developing three new applications in PostgreSQL, each having >> its own database instance running on different hosts. We will only have one >> schema per Postgres instance. The data is read-write only by one >> application/schema in the DB instance and the data is published to other >> applications via API calls. >> >> In such a standalone database configuration, are there any security >> implications or any downsides to creating the application in the public >> schema? >> >> Thanks. >> >> >>
