From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: First draft of the PG 15 release notes |
Date: | 2022-07-12 06:31:32 |
Message-ID: | 20220712063132.GB2937407@rfd.leadboat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Jul 11, 2022 at 12:39:57PM -0400, Bruce Momjian wrote:
> I had trouble reading the sentences in the order you used so I
> restructured it:
>
> The new default is one of the secure schema usage patterns that <xref
> linkend="ddl-schemas-patterns"/> has recommended since the security
> release for CVE-2018-1058. The change applies to newly-created
> databases in existing clusters and for new clusters. Upgrading a
> cluster or restoring a database dump will preserve existing permissions.
I agree with the sentence order change.
> For existing databases, especially those having multiple users, consider
> issuing <literal>REVOKE</literal> to adopt this new default. For new
> databases having zero need to defend against insider threats, granting
> <literal>USAGE</literal> permission on their <literal>public</literal>
> schemas will yield the behavior of prior releases.
s/USAGE/CREATE/ in the last sentence. Looks good with that change.
From | Date | Subject | |
---|---|---|---|
Next Message | Fujii.Yuki@df.MitsubishiElectric.co.jp | 2022-07-12 06:49:16 | RE: WIP: Aggregation push-down - take2 |
Previous Message | Amit Kapila | 2022-07-12 06:25:47 | Re: [BUG] Logical replication failure "ERROR: could not map filenode "base/13237/442428" to relation OID" with catalog modifying txns |