On þri, 2006-11-28 at 19:23 +0200, Andrus wrote:
> Richard,
>
> I really do'nt want to open separate port for backup only.
> Pelase, can you recomment a solution which uses port 5432 owned by Postgres
I do not want to advice you to do things that might be
counter your company's security policies, but you
could set up a portforwarder on your database machine to
pass incoming port 5432 requests from the backup machine
to sshd, but let all other source ips go to postgres
alternatively, if you have control of cron, and if
the firewall restrictons are for incoming only, and
if you have open ssh port on some other machine, such
as the backupserver, you can have cron do the compressed
backup, and send it via scp to the backupserver.
> How to force postmaster to run the tool which system provides when it
> receives backup request instead of postgres child process ?
if you cannot control cron, but the firewall restrictions are only for
incoming requests, you might try using some
untrusted procedural language to start a backup script
locally, that finishes by copying the compressed backup
to the backupserver.
whatever you choose to do, you should still get
permission to do it. security admins are not amused
when users use tricks to get around restrictons.
maybe they would consider opening the ssh port if
you make it clear that they may restrict it to
requests from the backup machine?
gnari
