作者
digoal
日期
2021-09-13
标签
PostgreSQL , public , 权限 , schema
这个patch影响面很广, 一定要注意. 相当于执行了:
revoke create on schema public from public;
如果要保持和以前版本一样的权限, 从 15开始, 需要执行:
grant create on schema public to public;
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b073c3ccd06e4cb845e121387a43faa8c68a7b62
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
author Noah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
committer Noah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
commit b073c3ccd06e4cb845e121387a43faa8c68a7b62
tree 47e7f43d5ced29aab75de1942f2e905bcba86278 tree
parent cba79a163267a44205e391137deb543f4f89bc8b commit | diff
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
This switches the default ACL to what the documentation has recommended
since CVE-2018-1058. Upgrades will carry forward any old ownership and
ACL. Sites that declined the 2018 recommendation should take a fresh
look. Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc. Out-of-tree test
suites may require such updates.
Reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com
PostgreSQL 许愿链接
您的愿望将传达给PG kernel hacker、数据库厂商等, 帮助提高数据库产品质量和功能, 说不定下一个PG版本就有您提出的功能点. 针对非常好的提议,奖励限量版PG文化衫、纪念品、贴纸、PG热门书籍等,奖品丰富,快来许愿。开不开森.
9.9元购买3个月阿里云RDS PostgreSQL实例
PostgreSQL 解决方案集合
德哥 / digoal's github - 公益是一辈子的事.
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
