Re: On "multi-master" - Mailing list pgsql-general

From Andrew Sullivan
Subject Re: On "multi-master"
Date
Msg-id 20051018145301.GA3441@phlogiston.dyndns.org
Whole thread Raw
In response to Re: On "multi-master"  (Chris Travers <chris@travelamericas.com>)
Responses Re: PGPool and replication enforcement On "multi-master"
List pgsql-general
On Sat, Oct 15, 2005 at 06:04:54PM -0700, Chris Travers wrote:
> Out of curiosity, what is wrong with requiring client SSL certs to
> access the system and only issuing them to the PGPool system (or using a
> different CA if you need to issue client certs to the end users)?  This

Hmm, I like this, although client SSL certs still didn't work with
JDBC last I checked, so it won't solve all the problems.  But you're
right, this would mostly solve the problem I was thinking of,
provided it was described correctly to the (mostly-clueless)
technology rule-producers.

> place (though deliberate circumvention is always an issue when both
> sides are open source and the DBA has access to all systems-- after all,

Open source has nothing to do with it, of course.  Malicious attack
by technical staff is something virtually no technology can guarantee
against.  The best you can usually get is adequate logging (and
probably log monitoring) -- and we already provide that.

A

--
Andrew Sullivan  | ajs@crankycanuck.ca
The plural of anecdote is not data.
        --Roger Brinner

pgsql-general by date:

Previous
From: Vivek Khera
Date:
Subject: Re: fine tuned database dump/reload?
Next
From: Peter Eisentraut
Date:
Subject: Call for translators