Best practices for securing your AlloyDB for PostgreSQL resources

To help you achieve a strong security posture for your AlloyDB for PostgreSQL resources, follow the best practices on this page.

Prevent search path hijacking

To prevent search path hijacking, make sure that highly privileged users have the search_path parameter set to pg_catalog. With this setting, unqualified object names resolve to the built-in pg_catalog schema, and untrusted schemas such as public are bypassed.

To set this parameter permanently for a user, run the following command:

ALTER ROLE USER_NAME SET search_path = pg_catalog,pg_temp;

To set this parameter only for the current session, run the following command:

SET search_path TO pg_catalog,pg_temp;

To set this parameter for all users who connect to a database, run the following command:

ALTER DATABASE DB_NAME SET search_path TO schema1, schema2, public;
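
To check that the settings above are in place, the following read-only query (an added example, not part of the original page) lists privileged roles and the search_path stored for each in the current database, along with where that value comes from. Treating rolsuper, rolcreaterole, rolcreatedb and rolbypassrls as the markers of a highly privileged role is an assumption; adjust the filter for your environment.

```sql
-- Added example: audit stored search_path defaults for privileged roles.
-- Run it while connected to the database you want to check.
WITH settings AS (
    -- One row per stored search_path entry; spaces are stripped so that
    -- 'pg_catalog, pg_temp' compares equal to 'pg_catalog,pg_temp'.
    SELECT s.setrole,
           s.setdatabase,
           replace(substring(c FROM '^search_path=(.*)$'), ' ', '') AS path
      FROM pg_db_role_setting AS s
     CROSS JOIN LATERAL unnest(s.setconfig) AS c
     WHERE c ~ '^search_path='
),
db AS (
    SELECT oid FROM pg_database WHERE datname = current_database()
)
SELECT r.rolname,
       -- PostgreSQL precedence: role-in-database, then role,
       -- then database, then ALTER ROLE ALL, then the server default.
       coalesce(rd.path, ro.path, d.path, al.path, '(server default)')
           AS stored_search_path,
       CASE
           WHEN rd.path IS NOT NULL THEN 'role in database'
           WHEN ro.path IS NOT NULL THEN 'role'
           WHEN d.path  IS NOT NULL THEN 'database'
           WHEN al.path IS NOT NULL THEN 'all roles'
           ELSE 'server default'
       END AS source,
       CASE
           WHEN coalesce(rd.path, ro.path, d.path, al.path)
                = 'pg_catalog,pg_temp' THEN 'ok'
           ELSE 'REVIEW'
       END AS status
  FROM pg_roles AS r
 CROSS JOIN db
  LEFT JOIN settings AS rd ON rd.setrole = r.oid AND rd.setdatabase = db.oid
  LEFT JOIN settings AS ro ON ro.setrole = r.oid AND ro.setdatabase = 0
  LEFT JOIN settings AS d  ON d.setrole = 0      AND d.setdatabase = db.oid
  LEFT JOIN settings AS al ON al.setrole = 0     AND al.setdatabase = 0
 WHERE r.rolsuper OR r.rolcreaterole OR r.rolcreatedb OR r.rolbypassrls
 ORDER BY r.rolname;
```

A role-level setting overrides a database-level one, so a privileged role pinned with ALTER ROLE keeps pg_catalog,pg_temp even in a database whose default path includes public. The query reports stored defaults only; a session can still change its own path with SET.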

For more information, see the PostgreSQL documentation on secure schema usage and the CVE-2018-1058 guide.