Re: PG on a web-server...issues..and some general questions on PG deployment - Mailing list pgsql-interfaces

From Adam Lang
Subject Re: PG on a web-server...issues..and some general questions on PG deployment
Date
Msg-id 002101c06c17$6800bba0$330a0a0a@6014cwpza006
Whole thread Raw
In response to PG on a web-server...issues..and some general questions on PG deployment  (sk@pobox.com (Sanjay Arora))
Responses Re: PG on a web-server...issues..and some general questions on PG deployment
List pgsql-interfaces
Comments inline

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Sanjay Arora" <sk@pobox.com>
To: <pgsql-interfaces@postgresql.org>
Sent: Thursday, December 21, 2000 5:23 PM
Subject: [INTERFACES] PG on a web-server...issues..and some general
questions on PG deployment


> Hi All,
>
> What are the issues one should take into consideration, when deploying
> PG on a webserver? I am listing some that come to my mind...please add
> others and correct me where I am wrong.
>
> 1. All connections to be made through a nobody user being called
> through servlets. Postgres user for only maintainence purposes.

I'm not overly experienced with Linux, but I've never been enamored with the
"nobody" group and user.  Many other applications by default use that also.
I typically make a dedicated user for that.

>
> 2. 10-15 pooled connections being called by servlets/beans, high
> number of connections through non-use of pooling wherever available to
> be avoided.

I guess the pooling number really matters on the load you get.  I've always
seen people mention 10-15 as the number they use though.

>
> Nothing else comes to my mind...suggestions?

If you have it on the same server as the web, you wouldn't need to start the
postgres daemon with -I, correct?  That should eliminate some possible
security issues.

>
> Some questions:
>
> 1. Any other security measures that should be taken? Any pointers to
> any resources?
>
> 2. I am giving connection details in my servlets and they are visible
> in HTML source of my pages. Is this a cause of concern? Should I write
> wrapper servlets (hardcoded with connection details for each site)
> that call my generic database access servlets?

Definately do not let the connection values be seen by the outside world.
How do they show up in your HTML though?  If you are connecting to a
database you are doing server side scripting, which means the conenction
stuff should be processed and shouldn't display unless you tell it to.  I
have not used jsp, but that would sound really wierd.  Unless you just mean
you have the connection info in the base document and if someone got ahold
of that before it was processed, that the info would be available.

What I do for php is is create a directory outside of my www root and use it
for my include files.  For any conenction info, I include the text file that
has the connection info.  That way, if someone gets ahold of thebase
html/php document, conenction info is not in it.

>
> 3. Is PHP/Postgres module capable of server side connection pooling?

Yes.


The stuff following I can not answer.
>
> 4. How do I get postgres operational statistics from the /proc
> directory of RH Linux 6.2? Or what method do I use to know when PG is
> finding load heavy? I want to create a proactive method which should
> tell me my PG related load probs in ample time for me to code other
> alternatives.
>
> 5. How good is PG on large databases deployed for datawarehousing
> (larger than 2 GB filesize on ext3 filesystem)? I read a FAQ which
> states that PG performance degrades rapidly when database size
> increases. It was a comparison between MySQL, PG & Oracle. Any
> comments?
>
> 6. Do people deploy PG databases, maybe second daemons or daemons on
> second server for PG logs themselves, instead of processing text logs?
> ;-)) Wonder if it is even sensible...or am I talking pure non-sense?
> ;-))
>
> With best regards.
> Sanjay.
>
>



pgsql-interfaces by date:

Previous
From: Michael Meskes
Date:
Subject: Re: Problem with ecpg and 7.1beta1
Next
From: Tom Samplonius
Date:
Subject: Re: PG on a web-server...issues..and some general questions on PG deployment