On 11/4/16 3:58 PM, Hu, Patricia wrote:
Since it could potentially be a security loop hole. So far the action taken to address it falls into these two categories:drop the PUBLIC schema altogether. One of the concerns is with some of the system objects that have been exposed through PUBLIC schema previously, now they will need other explicit grants to be accessible to users. e.g pg_stat_statements. keep the PUBLIC schema but revoke all privileges to it from public role, then grant as necessity comes up. Any feedback and lessons from those who have implemented this?
I always drop the public schema as the first step of any build and have never seen any ill effects.
Nothing is exposed by default in the public schema unless you install extensions into it.
-- -David da...@pgmasters.net -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
