severity 571135 normal thanks Re: Bastian Blank 2010-02-23 <20100223185637.ga7...@wavehammer.waldi.eu.org> > By default, public have USAGE rights to template1, so can always connect > there if allowed by pg_hba.conf. Now the default permissions of the > public schema are CREATE and USAGE for public. This means that everyone > is allowed to create things in the public schema. > > | public | postgres | postgres=UC/postgres | standard public > schema > | : =UC/postgres > > The documentation say: > | Depending on the type of object, the initial default privileges might > | include granting some privileges to PUBLIC. The default is no public > | access for tables, columns, schemas, and tablespaces; > > So this differs from the default access to this time. initdb > explicitely sets this default permissions, so this looks intentional. > This means that many people may be able to add things into the default > template.
I don't think this is going to be changed. The initial permissions are there to make the database usable for "the public" (that's also what the name says). If you don't like the public schema, just drop it. Security-wise this is not that much of a problem as users need to be explicitely created in the database cluster before they can connect. I would agree that there might be a case to lock access to template1 for everyone except postgres by default. We might still decide not to deviate from upstream here, though. Martin, Peter? Christoph -- c...@df7cb.de | http://www.df7cb.de/
signature.asc
Description: Digital signature
