From: | "Gavin M(dot) Roy" <gmr(at)ehpg(dot)net> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | "Magnus Hagander" <magnus(at)hagander(dot)net>, "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-advocacy(at)postgresql(dot)org |
Subject: | Re: drupal.org MySQL database issues |
Date: | 2007-05-17 22:00:33 |
Message-ID: | 5b599cc10705171500p6aa5d20ewc398d7e67beee558@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-advocacy |
There is something to be said though with the security of not allowing the
daemon to alter pg_hba.conf. What I think would work is a two step auth
process that uses a pg_hba table then falls back to pg_hba.conf if there is
no match. This keeps the complete security of preventing compromised
database from altering the text file.
Thoughts?
Gavin
On 5/17/07, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
> Magnus Hagander wrote:
> > Gavin M. Roy wrote:
> >> I think for one, mysql uses tables for all of its access control.
> >> Coding plesk/cpanel to modify pg_hba.conf and rehup postgres would take
> >> a bit more work, I would imagine.
> >
> > In a lot of environments, it'd certainly be impossible, at least until
> > we make it possible to edit the config files remote... (oops, recap of
> > endless amounts of discussions on letting pgadmin do that..)
>
> Well more to the point. There really is zero reason why we can't have a
> table representation of pg_hba_conf that is the pg_hba.conf file that
> has triggers that right out the file.
>
>
> >
> >> Do we really want to pursue making PostgreSQL easier to admin for the
> >> non-system admin? Cpanel and plesk and like tools are pretty far down
> >> the list of important things to support or code for.
> >
> > If we want to make inroads into shared-hosting environments, it would
> > certainly help...
>
> It is not just shared hosting... dedicated hosting starts as little as
> 69.00 with Cpanel :)...
>
> Note that I am not advocating making it easier for Cpanel. I am just
> making a point that it is not limited to shared hosting.
>
> I am however advocating that it is pretty dumb that our conf files are
> *required* as a little text file on the filesystem and can not be
> managed via the database.
>
> Joshua D. Drake
>
>
>
> >
> > //Magnus
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: explain analyze is your friend
> >
>
>
> --
>
> === The PostgreSQL Company: Command Prompt, Inc. ===
> Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
> Providing the most comprehensive PostgreSQL solutions since 1997
> http://www.commandprompt.com/
>
> Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
> PostgreSQL Replication: http://www.commandprompt.com/products/
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Joshua D. Drake | 2007-05-17 22:05:45 | Re: drupal.org MySQL database issues |
Previous Message | Joshua D. Drake | 2007-05-17 21:54:06 | Re: drupal.org MySQL database issues |