On Tue, May 17, 2022 at 6:47 PM Bryn Llewellyn <bryn@xxxxxxxxxxxx> wrote:
adrian.klaver@xxxxxxxxxxx wrote:bryn@xxxxxxxxxxxx wrote:The paragraph describes very surprising behavior in the present era of "secure by default". The sentence "For maximum security..." at the end emphasizes this and has you go to some effort (CREATE and REVOKE in the same txn) to undo the "insecurity by default" paradigm. I s'pose that compatibility on upgrade means that nothing can change here.
There is movement on this front coming in Postgres 15:
https://www.postgresql.org/docs/devel/release-15.html
Do you mean that, for example, "create database x" will no longer imply "grant connect on database x to public" and "create function f()" will no longer imply "grant execute on function f() to public"? That would be good. But I can't find wording to that effect on the page.
No, the changes are to the defaults for the public schema - which makes actually removing it from the database post-creation less necessary.
David J.
