Skip site navigation (1) Skip section navigation (2)

"default deny" for roles

From: David Fetter <david(at)fetter(dot)org>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: "default deny" for roles
Date: 2012-08-28 17:25:57
Message-ID: 20120828172557.GH17812@fetter.org (view raw or flat)
Thread:
Lists: pgsql-hackers
Folks,

There are situations where a "default deny" policy is the best fit.

To that end, I have a modest proposal:

    REVOKE PUBLIC FROM role;

Thenceforth, the role in question would only have access to things it
was specifically granted.

What say?

Cheers,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate


Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2012-08-28 17:30:44
Subject: Re: SP-GiST micro-optimizations
Previous:From: Tom LaneDate: 2012-08-28 17:06:42
Subject: Re: MySQL search query is not executing in Postgres DB

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group