insecure defaults with postgres public schema?
You can revoke the public schema "create" permission in the template1 database, and this will be propagated to any newly-created database by default: databases are created by copying template1 (or some other database marked as a template, but template1 is the default).

Actually, you might want to simply drop the public schema altogether in this situation, and delegate the job of creating it (if desired) to the database owner.
I used this article to advantage when I needed to secure a database:
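
The two approaches described in the answer above, written out as a psql session. This is an added example, not part of the original answer or the article it refers to; the role `app_owner`, the database `appdb` and the schema `app` are hypothetical names, and the session is assumed to run as a superuser.

```sql
-- Added example. Run in psql as a superuser.
-- app_owner, appdb and app are hypothetical names.

-- Approach 1: keep the public schema, but remove the "create" permission
-- that is granted to every role (PUBLIC) by default.
\connect template1
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Inspect the schema ACL in the template; this is what new databases copy.
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';

-- Approach 2 (alternative): drop the public schema from the template
-- altogether, so new databases start with no shared writable schema.
-- DROP SCHEMA fails if the schema still contains objects, which is a
-- useful safety check before committing to this approach.
DROP SCHEMA public;

-- Databases created from now on are copies of the modified template1.
CREATE ROLE app_owner LOGIN;
CREATE DATABASE appdb OWNER app_owner;

-- The database owner decides which schemas exist and who may use them.
\connect appdb
SET ROLE app_owner;
CREATE SCHEMA app AUTHORIZATION app_owner;
RESET ROLE;

-- List the schemas and ACLs the new database ended up with.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname NOT LIKE 'pg\_%' AND nspname <> 'information_schema';

-- Databases that already existed were copied from the old template and are
-- not changed by any of the above. Connect to each one and repeat the REVOKE
-- (or DROP SCHEMA) there. This query lists the databases to visit:
SELECT datname FROM pg_database WHERE datallowconn AND NOT datistemplate;
```

Pick one of the two approaches for the template; running both is harmless, since the schema is simply dropped after the revoke.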