To help you achieve a strong security posture for your AlloyDB for PostgreSQL resources, follow the best practices on this page.
Prevent search path hijacking
To prevent search path hijacking, make sure that highly privileged users have the search_path parameter set to pg_catalog. This makes sure that the search path is secured and that untrusted schemas like public are bypassed.
To set this parameter permanently for a user, run the following command:
    ALTER ROLE USER_NAME SET search_path = pg_catalog, pg_temp;
To set this parameter only for the current session, run the following command:
    SET search_path TO pg_catalog, pg_temp;
To set this parameter for all users when connected to a database, run the following command:
    ALTER DATABASE DB_NAME SET search_path TO schema1, schema2, public;
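To check which roles still need the role-level setting described above, the following audit query lists privileged roles whose stored search_path default is missing or does not start with pg_catalog. It is an added example, not part of the original page or of AlloyDB's own tooling. It assumes that "highly privileged" means a role with the superuser, CREATEROLE, or CREATEDB attribute; adjust the filter to your own definition.

```sql
-- Added example: audit role-level search_path defaults.
-- Assumption: "highly privileged" = rolsuper, rolcreaterole or rolcreatedb.
-- pg_roles.rolconfig holds only defaults set with ALTER ROLE ... SET;
-- settings made with ALTER ROLE ... IN DATABASE or ALTER DATABASE are stored
-- in pg_db_role_setting and are not inspected here.
SELECT r.rolname,
       r.rolsuper,
       r.rolcreaterole,
       r.rolcreatedb,
       s.setting AS role_search_path   -- NULL: no role-level default is set
FROM pg_roles AS r
LEFT JOIN LATERAL (
    -- rolconfig entries have the form 'name=value'; keep the value part
    SELECT substr(cfg, length('search_path=') + 1) AS setting
    FROM unnest(r.rolconfig) AS cfg
    WHERE left(cfg, length('search_path=')) = 'search_path='
) AS s ON true
WHERE (r.rolsuper OR r.rolcreaterole OR r.rolcreatedb)
  AND left(r.rolname, 3) <> 'pg_'      -- skip PostgreSQL predefined roles
  AND (s.setting IS NULL
       -- flag any path whose first entry is not pg_catalog
       OR btrim(split_part(s.setting, ',', 1)) <> 'pg_catalog')
ORDER BY r.rolname;
```

Each row returned is a role to fix with the ALTER ROLE command shown earlier. The query checks only the first entry of the path, so review the role_search_path column for any untrusted schemas listed after it.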
For more information, see the PostgreSQL documentation on secure schema usage and the CVE-2018-1058 guide.

