Re: Using the public schema

Поиск
Список
Период
Сортировка
От Thomas Poty
Тема Re: Using the public schema
Дата
Msg-id CAN_ctni6gs57eCMNV1imwa3qSgADYedJK58LgVSRNEan2+AtyQ@mail.gmail.com
обсуждение исходный текст
Ответ на Using the public schema  (Charlin Barak <charlinbarak@gmail.com>)
Список pgsql-general
Дерево обсуждения
Hi charlin,
I invite you to  read this doc it explains very well  the security issue with the public schéma : https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path

The main problem with the public schéma is the default privileges (execute) granted to all users able to connect. 

Personally, each time i create a database, i remove the public schema 

Regards 
Thomas 

Le lun. 23 avr. 2018 à 17:00, Charlin Barak <charlinbarak@gmail.com> a écrit :
Hi,
We will be developing three new applications in PostgreSQL, each having its own database instance running on different hosts. We will only have one schema per Postgres instance. The data is read-write only by one application/schema in the DB instance and the data is published to other
applications via API calls.

In such a standalone database configuration, are there any security implications or any downsides to creating the application in the public schema?

Thanks.


В списке pgsql-general по дате отправления:

Предыдущее
От: Andrew Edenburn
Дата:
Сообщение: Postgres PAF setup
Следующее
От: Alexander Farber
Дата:
Сообщение: Re: Adding AVG to a JOIN