[molsson]

The OWASP Postgres hardening page recommends that one removes the default "public" schema in postgres: https://www.owasp.org/index.php/OWASP_Backend_Security_Proje...

...whereas this course seems to use the public schema and just query for "SELECT * IN public.foobar" etc.

I remember being a bit confused about "schemas" when I switched from mysql to postgres. I think it would be good to have a special section that explains what schemas are typically used for, and in particular when/how to use the public schema correctly.

[nsainsbury]

I think that's a reasonable recommendation if you're deploying Postgres in production. Not something I'd want to cover in any of my current chapters, where the focus is on teaching people SQL, but definitely something I'll mention down the road when adding a chapter around production deployment and security recommendations.

[molsson]

I agree. Some more info here for those interested: https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_P...

[just_myles]

I had that same problem when I switched from postgres to mysql and big query with their "projects"..

[paulddraper]

Wow, OWASP recommends keeping your database schema secret.

I've never been big on security through obfuscation.