From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Subject: | Re: public schema default ACL |
Date: | 2020-08-03 15:22:48 |
Message-ID: | 20200803152248.GB17519@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Aug 2, 2020 at 11:30:50PM -0700, Noah Misch wrote:
> On Fri, Mar 23, 2018 at 07:47:39PM -0700, Noah Misch wrote:
> > In light of the mixed reception, I am withdrawing this proposal.
>
> I'd like to reopen this. Reception was mixed, but more in favor than against.
> Also, variations on the idea trade some problems for others and may be more
> attractive. The taxonomy of variations has three important dimensions:
>
> Interaction with dump/restore (including pg_upgrade) options:
> a. If the schema has a non-default ACL, dump/restore reproduces it.
> Otherwise, the new default prevails.
> b. Dump/restore always reproduces the schema ACL.
I am worried that someone _slightly_ modifies the ACL permissions on the
schema, and we reproduce it, and they think they are secure, but they
are not. I guess for the public, and change would be to make it more
secure, so maybe this works, but it seems tricky.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2020-08-03 15:26:27 | Re: public schema default ACL |
Previous Message | Robert Haas | 2020-08-03 15:10:41 | Re: new heapcheck contrib module |