Quick Links

Re: drupal.org MySQL database issues

From:	"Gavin M(dot) Roy" <gmr(at)ehpg(dot)net>
To:	"Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc:	"Magnus Hagander" <magnus(at)hagander(dot)net>, "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-advocacy(at)postgresql(dot)org
Subject:	Re: drupal.org MySQL database issues
Date:	2007-05-17 22:00:33
Message-ID:	5b599cc10705171500p6aa5d20ewc398d7e67beee558@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-advocacy

There is something to be said though with the security of not allowing the
daemon to alter pg_hba.conf. What I think would work is a two step auth
process that uses a pg_hba table then falls back to pg_hba.conf if there is
no match. This keeps the complete security of preventing compromised
database from altering the text file.

Thoughts?

Gavin

On 5/17/07, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
> Magnus Hagander wrote:
> > Gavin M. Roy wrote:
> >> I think for one, mysql uses tables for all of its access control.
> >> Coding plesk/cpanel to modify pg_hba.conf and rehup postgres would take
> >> a bit more work, I would imagine.
> >
> > In a lot of environments, it'd certainly be impossible, at least until
> > we make it possible to edit the config files remote... (oops, recap of
> > endless amounts of discussions on letting pgadmin do that..)
>
> Well more to the point. There really is zero reason why we can't have a
> table representation of pg_hba_conf that is the pg_hba.conf file that
> has triggers that right out the file.
>
>
> >
> >> Do we really want to pursue making PostgreSQL easier to admin for the
> >> non-system admin? Cpanel and plesk and like tools are pretty far down
> >> the list of important things to support or code for.
> >
> > If we want to make inroads into shared-hosting environments, it would
> > certainly help...
>
> It is not just shared hosting... dedicated hosting starts as little as
> 69.00 with Cpanel :)...
>
> Note that I am not advocating making it easier for Cpanel. I am just
> making a point that it is not limited to shared hosting.
>
> I am however advocating that it is pretty dumb that our conf files are
> *required* as a little text file on the filesystem and can not be
> managed via the database.
>
> Joshua D. Drake
>
>
>
> >
> > //Magnus
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: explain analyze is your friend
> >
>
>
> --
>
> === The PostgreSQL Company: Command Prompt, Inc. ===
> Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
> Providing the most comprehensive PostgreSQL solutions since 1997
> http://www.commandprompt.com/
>
> Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
> PostgreSQL Replication: http://www.commandprompt.com/products/
>
>

In response to

Re: drupal.org MySQL database issues at 2007-05-17 21:54:06 from Joshua D. Drake

Responses

Re: drupal.org MySQL database issues at 2007-05-17 22:05:45 from Joshua D. Drake

Browse pgsql-advocacy by date

	From	Date	Subject
Next Message	Joshua D. Drake	2007-05-17 22:05:45	Re: drupal.org MySQL database issues
Previous Message	Joshua D. Drake	2007-05-17 21:54:06	Re: drupal.org MySQL database issues