
Not open to public

Back in 2020, at the FOSDEM PGDay, I discovered how far too permissive the default permissions on the public schema were.

In any PostgreSQL release up to version 14, the public schema grants CREATE to the PUBLIC pseudo-role by default, so every role that can log in to a database can create relations or functions in it. That is a concrete risk for the security of the database.

In this post I want to collect my thoughts about the issue, how to fix it, and why it shouldn't be ignored even if the instance has been migrated to a PostgreSQL version (15 or later) that in theory is not affected: the new default only applies to freshly created clusters and databases, while upgrading a cluster or restoring a dump preserves the public schema's existing permissions.
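To make the default, the problem and the fix concrete, here is an added example (not code from the original post). It assumes a psql session as a superuser in the database being audited; the role `alice` and the objects it creates are hypothetical and only serve to show that an ordinary login role succeeds.

```sql
-- Added example, not from the original post. Run as a superuser in the database to audit.

-- 1. Audit: who may CREATE in the public schema?
--    'public' as the first argument is the PUBLIC pseudo-role.
SELECT nspname,
       pg_catalog.pg_get_userbyid(nspowner)                  AS owner,
       nspacl,
       has_schema_privilege('public', 'public', 'CREATE')    AS public_can_create
FROM   pg_catalog.pg_namespace
WHERE  nspname = 'public';
-- On a default PostgreSQL <= 14 database, or on a database upgraded or restored from one,
-- public_can_create is true and nspacl contains the entry "=UC/<owner>"
-- (USAGE and CREATE granted to everyone).

-- 2. Demonstrate the problem: a plain login role (hypothetical) can plant objects in public.
CREATE ROLE alice LOGIN PASSWORD 'change-me';
SET ROLE alice;
CREATE TABLE public.alice_notes (id int);                -- succeeds with the old default
CREATE FUNCTION public.alice_helper() RETURNS int
  LANGUAGE sql AS $$ SELECT 42 $$;                        -- succeeds as well
RESET ROLE;

-- 3. Fix: take CREATE away from PUBLIC. USAGE stays, so existing objects remain reachable.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Verify: re-run the audit query; public_can_create is now false, and as alice
--    any further CREATE in public fails with "permission denied for schema public".
SET ROLE alice;
CREATE TABLE public.alice_more (id int);                 -- ERROR: permission denied for schema public
RESET ROLE;

-- 5. Clean up the demo objects and the hypothetical role.
DROP TABLE public.alice_notes;
DROP FUNCTION public.alice_helper();
DROP ROLE alice;
```

The REVOKE has to be issued in every database of the cluster, template1 included: databases are created by copying a template, so a template1 that still carries the old grant hands it to every new database even on a version whose own default is already tightened.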