Patricia Hu wrote:
> Since it could potentially be a security loophole. So far the action taken to address it falls into
> these two categories:
>
> drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that
> have been exposed through PUBLIC schema previously, now they will need other explicit grants to be
> accessible to users. e.g. pg_stat_statements.
> keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity
> comes up.
>
> Any feedback and lessons from those who have implemented this?

I'd prefer the second approach as it is less invasive and prevents
undesirable objects in schema "public" just as well.

> Confidentiality Notice:: This email, including attachments, may include non-public, proprietary,
> confidential or legally privileged information. If you are not an intended recipient or an authorized
> agent of an intended recipient, you are hereby notified that any dissemination, distribution or
> copying of the information contained in or transmitted with this e-mail is unauthorized and strictly
> prohibited.

You are hereby notified that any dissemination, distribution or copying of the information
contained in or transmitted with your e-mail is hunky-dory.

Yours,
Laurenz Albe
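
The second approach discussed in this thread, written out as an added example that is not part of the original messages. The role name app_user is hypothetical; the statements are run per database by a superuser or the owner of schema "public".

```sql
-- Added example, not from the thread. app_user is a hypothetical role.
-- Repeat in every database; apply it to template1 as well if databases
-- created later should start out with the same restriction.

BEGIN;

-- Remove whatever privileges the pseudo-role PUBLIC (i.e. every role)
-- holds on schema "public".
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Grant back only what is needed, as necessity comes up.
-- USAGE lets app_user resolve objects that live in "public" (for example
-- the pg_stat_statements view when the extension is installed there),
-- but not create new ones. Privileges on the objects themselves are
-- granted separately.
GRANT USAGE ON SCHEMA public TO app_user;

COMMIT;

-- Verify the effective privileges of every login role on the schema.
-- Superusers always report true because they bypass privilege checks.
SELECT r.rolname,
       r.rolsuper,
       has_schema_privilege(r.oid, 'public', 'USAGE')  AS can_use,
       has_schema_privilege(r.oid, 'public', 'CREATE') AS can_create
FROM pg_roles AS r
WHERE r.rolcanlogin
ORDER BY r.rolname;

-- Inspect the raw ACL. An entry with an empty grantee, such as
-- "=UC/postgres", would mean PUBLIC still holds privileges.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';
```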