Peter Fein <pfein@pobox.com> writes:
> In particular, by writing TEMPLATE template0, you can create a virgin
> database containing only the standard objects predefined by your version
> of PostgreSQL.
> I guess I'm just surprised that template0 would have *any* ACLs set
PUBLIC is one of the standard predefined objects.
> (aside from those needed by system catalogs, etc.). It seems to be
> favoring convenience by default instead of security by default.
I don't see the ability to create a table as a security violation.
If you do, you can lock down your database however you want ... but
that doesn't mean that everyone else should have to follow your ideas.
regards, tom lane