Query goal: | Find out whether PUBLIC (all current and future users) has the TEMPORARY privilege in the database. PUBLIC gets the privilege by default. |
Query type: | Problem detection (Each row in the result could represent a flaw in the design) |
Query reliability: | High (Few or no false-positive results) |
Query license: | MIT License |
Fixing suggestion: | Revoke the privilege from PUBLIC. |
Data source: | system catalog only |
SQL query: |
SELECT 'TEMPORARY privilege to the database has been granted to PUBLIC' AS mistake FROM pg_database WHERE datname=current_database() AND (array_to_string(datacl,',') IS NULL OR array_to_string(datacl,',') ~ '^=.{0,1}[T].{0,1}/'); |
SQL query | Description |
---|---|
SELECT format('REVOKE TEMP ON DATABASE %1$I FROM PUBLIC;', current_database()) AS statements FROM pg_database WHERE datname=current_database() AND (array_to_string(datacl,',') IS NULL OR array_to_string(datacl,',') ~ '^=.{0,1}[T].{0,1}/'); | Revoke the TEMPORARY privilege from PUBLIC. |
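
The regular expression in the queries above is anchored with `^`, so it sees the PUBLIC entry only when that entry is the first element of `datacl`. The following added example, which is not part of the original catalog entry, expands the ACL with `aclexplode` instead and goes beyond the page by checking every database in the cluster; the column aliases are illustrative, and it assumes a PostgreSQL version that provides `aclexplode` and `acldefault`.

```sql
-- Added example, not the catalog's own query.
-- Lists every database in the cluster where PUBLIC holds TEMPORARY,
-- regardless of where the PUBLIC entry sits inside datacl.
WITH db_acl AS (
    SELECT d.datname,
           d.datacl IS NULL AS uses_default_acl,
           -- A NULL datacl means the built-in default privileges apply;
           -- acldefault('d', owner) returns them as an aclitem[].
           COALESCE(d.datacl, acldefault('d', d.datdba)) AS acl
    FROM pg_database AS d
)
SELECT db_acl.datname,
       db_acl.uses_default_acl,
       pg_get_userbyid(a.grantor) AS granted_by,
       -- Ready-to-run fix, quoted with %I like the page's own statement.
       format('REVOKE TEMPORARY ON DATABASE %I FROM PUBLIC;',
              db_acl.datname) AS fix_statement
FROM db_acl
CROSS JOIN LATERAL aclexplode(db_acl.acl) AS a
WHERE a.grantee = 0                      -- grantee OID 0 denotes PUBLIC
  AND a.privilege_type = 'TEMPORARY'
ORDER BY db_acl.datname;
```

An empty result means no database grants TEMPORARY to PUBLIC; rerunning the query after applying the generated statements confirms the revocation.
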
Collection name | Collection description |
---|---|
Find problems automatically | Queries whose results point to problems in the database. Each query in the collection produces an initial assessment. However, a human reviewer has the final say as to whether there is a problem or not. |
Category name | Category description |
---|---|
Security | Queries of this category provide information about the security measures. |