On Sun, Aug 2, 2020 at 11:30:50PM -0700, Noah Misch wrote:
> On Fri, Mar 23, 2018 at 07:47:39PM -0700, Noah Misch wrote:
> > In light of the mixed reception, I am withdrawing this proposal.
>
> I'd like to reopen this. Reception was mixed, but more in favor than against.
> Also, variations on the idea trade some problems for others and may be more
> attractive. The taxonomy of variations has three important dimensions:
>
> Interaction with dump/restore (including pg_upgrade) options:
> a. If the schema has a non-default ACL, dump/restore reproduces it.
> Otherwise, the new default prevails.
> b. Dump/restore always reproduces the schema ACL.
I am worried that someone _slightly_ modifies the ACL permissions on the
schema, and we reproduce it, and they think they are secure, but they
are not. I guess for the public, and change would be to make it more
secure, so maybe this works, but it seems tricky.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee