
Re: Remote administration functionality

From: Steve Atkins <steve(at)blighty(dot)com>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Remote administration functionality
Date: 2005-07-31 04:35:16
Message-ID: 20050731043516.GC5856@gp.word-to-the-wise.com
Lists: pgsql-hackers, pgsql-patches

On Sat, Jul 30, 2005 at 11:39:20PM -0400, Bruce Momjian wrote:
> Let me try to outline where I think our goals are for remote
> administration.  I will not comment on Dave's analysis of the patch
> review process, but I think he has some valid points that this patch was
> not treated properly.
> 
> Basically, I think everyone wants remote administration.  Remote
> administration requires several things:
> 
> 	o  edit postgresql.conf
> 	o  edit pg_hba.conf
> 	o  reload the config files
> 	o  restart the server (for config variables requiring restart)
> 	o  view log files
> 	o  recycle log files
> 	o  rename/remove log files
> 
> All these items are on the TODO list already.

My security spider-sense tingles when I see the ability for a remote
attacker to not only completely override password, certificate and IP
based authentication but also to easily remove logfiles.

So, while I can see the attraction of being able to futz with the
database security configuration through a PHP web interface running on
an unpatched Apache build somewhere out on the open internet (and
would like to be able to do so myself, sometimes) I'd really, really
like to see the ability to disable as much of this at compile time as
is convenient.

Cheers,
  Steve
