#6148: Add generic support for database schemas -------------------------------------+------------------------------------- Reporter: Ian Kelly | Owner: (none) Type: New feature | Status: new Component: Database layer | Version: dev (models, ORM) | Severity: Normal | Resolution: Keywords: oracle postgresql | Triage Stage: Accepted mysql schemas | Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 1 Easy pickings: 0 | UI/UX: 0 -------------------------------------+-------------------------------------
Comment (by Simon Charette): As pointed out by a kind attendee at DjangoConUS 2022 we might have to revive [https://github.com/django/django/pull/6162/ Anssi's PR] sooner than later to support installs against PostgresSQL 15+. From [https://www.postgresql.org/docs/release/15.0/ PostgresSQL 15.0 release notes] > Remove `PUBLIC` creation permission on the public schema (Noah Misch) > > The new default is one of the secure schema usage patterns that Section 5.9.6 has recommended since the security release for CVE-2018-1058. The change applies to new database clusters and to newly-created databases in existing clusters. Upgrading a cluster or restoring a database dump will preserve public's existing permissions. > > For existing databases, especially those having multiple users, consider revoking `CREATE` permission on the public schema to adopt this new default. For new databases having no need to defend against insider threats, granting `CREATE` permission will yield the behavior of prior releases. If your project was created on PostgreSQL < 15 you should not run into any issues even when upgrading but for projects created on a fresh 15+ install you might have to issue a `GRANT CREATE ON SCHEMA public TO $your_django_user` until support for `DATABASES['SCHEMA']` is added. -- Ticket URL: <https://code.djangoproject.com/ticket/6148#comment:188> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/01070184004a34d2-9e17aaa7-d54d-40b2-aac9-2b0c8a6f48ba-000000%40eu-central-1.amazonses.com.