Using the public schema

Started by Charlin Barak, almost 8 years ago, 5 messages, general
#1 Charlin Barak
charlinbarak@gmail.com

Hi,
We will be developing three new applications in PostgreSQL, each having its
own database instance running on different hosts. We will only have one
schema per Postgres instance. The data is read-write only by one
application/schema in the DB instance and the data is published to other
applications via API calls.

In such a standalone database configuration, are there any security
implications or any downsides to creating the application in the public
schema?

Thanks.

#2 Thomas Poty
thomas.poty@gmail.com
In reply to: Charlin Barak (#1)
Re: Using the public schema

Hi Charlin,
I invite you to read this doc; it explains the security issue with the
public schema very well:
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path

The main problem with the public schema is the default privileges (execute)
granted to all users able to connect.

Personally, each time I create a database, I remove the public schema.

Regards
Thomas

On Mon, 23 Apr 2018 at 17:00, Charlin Barak <charlinbarak@gmail.com>
wrote:


Hi,
We will be developing three new applications in PostgreSQL, each having
its own database instance running on different hosts. We will only have one
schema per Postgres instance. The data is read-write only by one
application/schema in the DB instance and the data is published to other
applications via API calls.

In such a standalone database configuration, are there any security
implications or any downsides to creating the application in the public
schema?

Thanks.

#3 Thomas Poty
thomas.poty@gmail.com
In reply to: Thomas Poty (#2)
Re: Using the public schema

Erratum:

The main problem with the public schema is the default privileges (*create*)
granted to all users able to connect.

On Mon, 23 Apr 2018 at 21:16, Thomas Poty <thomas.poty@gmail.com> wrote:


Hi Charlin,
I invite you to read this doc; it explains the security issue with the
public schema very well:
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path

The main problem with the public schema is the default privileges
(execute) granted to all users able to connect.

Personally, each time I create a database, I remove the public schema.

Regards
Thomas

On Mon, 23 Apr 2018 at 17:00, Charlin Barak <charlinbarak@gmail.com>
wrote:

Hi,
We will be developing three new applications in PostgreSQL, each having
its own database instance running on different hosts. We will only have one
schema per Postgres instance. The data is read-write only by one
application/schema in the DB instance and the data is published to other
applications via API calls.

In such a standalone database configuration, are there any security
implications or any downsides to creating the application in the public
schema?

Thanks.

#4 Laurenz Albe
laurenz.albe@cybertec.at
In reply to: Charlin Barak (#1)
Re: Using the public schema

Charlin Barak wrote:

We will be developing three new applications in PostgreSQL, each having its own
database instance running on different hosts. We will only have one schema per
Postgres instance. The data is read-write only by one application/schema in the
DB instance and the data is published to other applications via API calls.

In such a standalone database configuration, are there any security implications
or any downsides to creating the application in the public schema?

No, that's fine.

Just REVOKE CREATE ON SCHEMA public FROM PUBLIC.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
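An added example, not code from anyone in this thread, showing how to audit and apply the REVOKE above on a single-application database. The database name app_db and the role app_rw are hypothetical.

```sql
-- Added example (not from the thread). Assumes a database app_db whose only
-- application objects live in the public schema and are owned by role app_rw.

-- 1. Audit: can every login role (the PUBLIC pseudo-role) create objects in
--    the public schema? On clusters created before PostgreSQL 15 the default
--    answer is true, which is the exposure the CVE-2018-1058 guide describes.
SELECT nspname,
       nspacl,
       has_schema_privilege('public', 'public', 'CREATE') AS public_can_create,
       has_schema_privilege('public', 'public', 'USAGE')  AS public_can_use
FROM pg_namespace
WHERE nspname = 'public';

-- 2. Harden: drop CREATE for everyone, keep USAGE so existing code still
--    resolves objects in public. This is the REVOKE from message #4.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Grant CREATE back only to the role that owns the application schema
--    objects, so deployments and migrations keep working.
GRANT CREATE ON SCHEMA public TO app_rw;

-- 4. Re-run the audit; public_can_create must now be false.
SELECT has_schema_privilege('public', 'public', 'CREATE') AS public_can_create;

-- 5. Verify from a throwaway login role that it is actually blocked
--    (run as that role; expected: ERROR: permission denied for schema public).
-- CREATE TABLE public.should_fail (id int);
```

Run the audit block on each of the three instances, since the privilege is per database and is not shared across hosts.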

#5 Charlin Barak
charlinbarak@gmail.com
In reply to: Laurenz Albe (#4)
Re: Using the public schema

Thanks Laurenz. That works.

On Tue, Apr 24, 2018 at 4:00 PM, Laurenz Albe <laurenz.albe@cybertec.at>
wrote:


Charlin Barak wrote:

We will be developing three new applications in PostgreSQL, each having its own
database instance running on different hosts. We will only have one schema per
Postgres instance. The data is read-write only by one application/schema in the
DB instance and the data is published to other applications via API calls.

In such a standalone database configuration, are there any security implications
or any downsides to creating the application in the public schema?

No, that's fine.

Just REVOKE CREATE ON SCHEMA public FROM PUBLIC.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com