| From: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: On "multi-master" |
| Date: | 2005-10-14 17:06:27 |
| Message-ID: | 20051014170627.GA20107@phlogiston.dyndns.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Oct 14, 2005 at 11:16:36AM -0500, Scott Marlowe wrote:
> You're users shouldn't be able to do that. If they can, you've set up
> your system wrong. Only the DBA should have access to that machine.
And DBAs aren't users? Oftentimes, a big goal is to protect against
operator error. DBAs who are called to resolve a problem at 2 AM are
_exactly_ the people we're protecting against.
No, you can never completely lock down a system to protect against
root doing 'rm -rf /'. But you can make it harder, and this approach
doesn't do that well enough to be able to advertise that you can't
muck with the system by accident. (Note that erserver had this
problem, too; it's one of the things we were at some pains to prevent
in Slony-I. We didn't get it perfect, though, and there are gaps in
that system as a result. It'd be even more dangerous in a
multimaster system.) And again, this is not to say there are any
flies on pgpool.
A
--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
The fact that technology doesn't work is no bar to success in the marketplace.
--Philip Greenspun
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2005-10-14 17:08:00 | Re: On "multi-master" |
| Previous Message | Tom Lane | 2005-10-14 17:05:53 | Re: [GENERAL] Postgres logs to syslog LOCAL0 |