On Mon, Nov 2, 2020 at 11:05:15PM -0800, Noah Misch wrote:
> On Mon, Nov 02, 2020 at 12:42:26PM -0500, Tom Lane wrote:
> > Robert Haas <robertmh...@gmail.com> writes:
> > > On Mon, Nov 2, 2020 at 5:51 AM Peter Eisentraut
> > > <peter.eisentr...@2ndquadrant.com> wrote:
> > >> I'm not convinced, however, that this would really move the needle
> > >> in terms of the general security-uneasiness about the public schema and
> > >> search paths. AFAICT, in any of your proposals, the default would still
> > >> be to have the public schema world-writable and in the path.
> >
> > > Noah's proposed change to initdb appears to involve removing CREATE
> > > permission by default, so I don't think this is true.
> >
> > I assume that means removing *public* CREATE permissions, not the
> > owner's (which'd be the DB owner with the proposed changes).
>
> My plan is for the default to become:
>
> GRANT USAGE ON SCHEMA public TO PUBLIC;
> ALTER SCHEMA public OWNER TO DATABASE_OWNER; -- new syntax

Seems it would be better to create a predefined role that owns the
public schema, or at least has create permission for the public schema
--- that way, when you are creating a role, you can decide if the role
should have creation permissions in the public schema, rather than
having people always using the database owner for this purpose.

--
  Bruce Momjian <br...@momjian.us> https://momjian.us
  EnterpriseDB https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee
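
The role-based arrangement suggested in the reply above can be approximated with existing PostgreSQL syntax. The following is an added example, not part of the original thread or of any proposed patch; the role names `public_schema_creator`, `app_migrator` and `report_reader` are hypothetical, and it uses an ordinary group role rather than a built-in predefined one.

```sql
-- Added example; all role names are hypothetical.

-- 1. Remove the world-writable default: PUBLIC keeps USAGE but loses CREATE,
--    so an arbitrary login can no longer plant objects in a schema that
--    sits on every session's search_path.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO PUBLIC;

-- 2. A group role (cannot log in) that carries CREATE on the public schema.
CREATE ROLE public_schema_creator NOLOGIN;
GRANT CREATE ON SCHEMA public TO public_schema_creator;

-- 3. Decide per role, at creation time, whether it may create objects there.
--    Membership is inherited by default, so app_migrator gains CREATE
--    without being the database owner; report_reader does not.
CREATE ROLE app_migrator LOGIN IN ROLE public_schema_creator;
CREATE ROLE report_reader LOGIN;

-- 4. Audit the effective privileges, including those gained via membership.
SELECT r.rolname,
       has_schema_privilege(r.rolname, 'public', 'USAGE')  AS can_use,
       has_schema_privilege(r.rolname, 'public', 'CREATE') AS can_create
FROM pg_roles AS r
WHERE r.rolname IN ('app_migrator', 'report_reader')
ORDER BY r.rolname;

-- 5. List objects already in public together with their owners, to find
--    anything created by unexpected roles while the schema was world-writable.
SELECT c.relname, c.relkind, pg_get_userbyid(c.relowner) AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
ORDER BY owner, c.relname;
```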