Skip site navigation (1) Skip section navigation (2)

Re: drupal.org MySQL database issues

From: "Gavin M(dot) Roy" <gmr(at)ehpg(dot)net>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: "Magnus Hagander" <magnus(at)hagander(dot)net>, "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-advocacy(at)postgresql(dot)org
Subject: Re: drupal.org MySQL database issues
Date: 2007-05-17 22:00:33
Message-ID: 5b599cc10705171500p6aa5d20ewc398d7e67beee558@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-advocacy
There is something to be said though with the security of not allowing the
daemon to alter pg_hba.conf.  What I think would work is a two step auth
process that uses a pg_hba table then falls back to pg_hba.conf if there is
no match.  This keeps the complete security of preventing compromised
database from altering the text file.

Thoughts?

Gavin

On 5/17/07, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
> Magnus Hagander wrote:
> > Gavin M. Roy wrote:
> >> I think for one, mysql uses tables for all of its access control.
> >> Coding plesk/cpanel to modify pg_hba.conf and rehup postgres would take
> >> a bit more work, I would imagine.
> >
> > In a lot of environments, it'd certainly be impossible, at least until
> > we make it possible to edit the config files remote... (oops, recap of
> > endless amounts of discussions on letting pgadmin do that..)
>
> Well more to the point. There really is zero reason why we can't have a
> table representation of pg_hba_conf that is the pg_hba.conf file that
> has triggers that right out the file.
>
>
> >
> >> Do we really want to pursue making PostgreSQL easier to admin for the
> >> non-system admin?  Cpanel and plesk and like tools are pretty far down
> >> the list of important things to support or code for.
> >
> > If we want to make inroads into shared-hosting environments, it would
> > certainly help...
>
> It is not just shared hosting... dedicated hosting starts as little as
> 69.00 with Cpanel :)...
>
> Note that I am not advocating making it easier for Cpanel. I am just
> making a point that it is not limited to shared hosting.
>
> I am however advocating that it is pretty dumb that our conf files are
> *required* as a little text file on the filesystem and can not be
> managed via the database.
>
> Joshua D. Drake
>
>
>
> >
> > //Magnus
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: explain analyze is your friend
> >
>
>
> --
>
>        === The PostgreSQL Company: Command Prompt, Inc. ===
> Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
> Providing the most comprehensive  PostgreSQL solutions since 1997
>               http://www.commandprompt.com/
>
> Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
> PostgreSQL Replication: http://www.commandprompt.com/products/
>
>

In response to

Responses

pgsql-advocacy by date

Next:From: Joshua D. DrakeDate: 2007-05-17 22:05:45
Subject: Re: drupal.org MySQL database issues
Previous:From: Joshua D. DrakeDate: 2007-05-17 21:54:06
Subject: Re: drupal.org MySQL database issues

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group