Martijn van Oosterhout wrote: > On Fri, Aug 12, 2005 at 08:34:23AM -0500, Peter Fein wrote: > >>Ok. ;) A little further investigation revealed that template0 gives the >>same result. It's potentially confusing that template0 is initialized >>this way - I couldn't find any indication of such in the manual. In >>fact, from CREATE DATABASE: >> >>In particular, by writing TEMPLATE template0, you can create a virgin >>database containing only the standard objects predefined by your version >>of PostgreSQL. > > > It's mentioned in: > > http://www.postgresql.org/docs/8.0/static/ddl-schemas.html#DDL-SCHEMAS-PRIV > > The public schema is setup so anyone can access it, that's why it's > called public. Ack, ok. Thanks for the link. > >>I guess I'm just surprised that template0 would have *any* ACLs set >>(aside from those needed by system catalogs, etc.). It seems to be >>favoring convenience by default instead of security by default. > > > The purpose of blocking access to public by default would be... If you > don't want people to access the database, don't let them login. Forcing admins to specify who has access? Anyway, I'm persuaded. I've been thinking of the public schema as the place where all my application-level data & functionality will live, with separate schemas for more generic functionality - think packages/modules in the software world. My DB backends a webapp & I'm worried about SQL injection & the like. Revoking all access from PUBLIC obviously doesn't solve that problem, but it limits the scope of potential damage. > Seems akin to removing all permissions from the home directory of a new > user so not even they can access it. Sure it's secure, but not terribly > useful. I think it's more like chmod 640... Thanks all for the help. -- Peter Fein pfein@xxxxxxxxx 773-575-0694 Basically, if you're not a utopianist, you're a schmuck. -J. Feldman ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
