From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
---|---|
To: | Steve Atkins <steve(at)blighty(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Remote administration functionality |
Date: | 2005-07-31 04:48:10 |
Message-ID: | 20050731044810.GA28511@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
On Sat, Jul 30, 2005 at 09:35:16PM -0700, Steve Atkins wrote:
> On Sat, Jul 30, 2005 at 11:39:20PM -0400, Bruce Momjian wrote:
> > Let me try to outline where I think our goals are for remote
> > administration. I will not comment on Dave's analysis of the patch
> > review process, but I think he has some valid points that this patch was
> > not treated properly.
> >
> > Basically, I think everyone wants remote administration. Remote
> > administration requires several things:
> >
> > o edit postgresql.conf
> > o edit pg_hba.conf
> > o reload the config files
> > o restart the server (for config variables requiring restart)
> > o view log files
> > o recycle log files
> > o rename/remove log files
> >
> > All these items are on the TODO list already.
>
> My security spider-sense tingles when I see the ability for a remote
> attacker to not only completely override password, certificate and IP
> absed authentication but also to easily remove logfiles.
Yes, I'd trim that part to support only rename of log files, and
constrain the destination to the log directory. (I guess I don't need
to mention that all log file operations are already constrained to files
inside the log directory.)
For the "edit postgresql.conf" part I guess it would be important to
have some settings that would not be changeable via this interface.
--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
"La primera ley de las demostraciones en vivo es: no trate de usar el sistema.
Escriba un guión que no toque nada para no causar daños." (Jakob Nielsen)
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-07-31 07:30:47 | Re: [COMMITTERS] pgsql: Add GUC variables to control keep-alive |
Previous Message | Steve Atkins | 2005-07-31 04:35:16 | Re: Remote administration functionality |
From | Date | Subject | |
---|---|---|---|
Next Message | Andreas Pflug | 2005-07-31 08:55:19 | Re: Remote administration functionality |
Previous Message | Steve Atkins | 2005-07-31 04:35:16 | Re: Remote administration functionality |