On Mon, Nov 2, 2020 at 5:51 AM Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> I'm not convinced, however, that this would would really move the needle
> in terms of the general security-uneasiness about the public schema and
> search paths. AFAICT, in any of your proposals, the default would still
> be to have the public schema world-writable and in the path.
Noah's proposed change to initdb appears to involve removing CREATE
permission by default, so I don't think this is true.
It's hard to predict how many users that might inconvenience, but I
suppose it's probably a big number. On the other hand, the only
alternative is to continue shipping a configuration that, by default,
is potentially insecure. It's hard to decide which thing we should
care more about.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company