Re: drupal.org MySQL database issues - Mailing list pgsql-advocacy
From | Joshua D. Drake |
---|---|
Subject | Re: drupal.org MySQL database issues |
Date | |
Msg-id | 464CD1B9.20406@commandprompt.com |
In response to | Re: drupal.org MySQL database issues ("Gavin M. Roy" <gmr@ehpg.net>) |
List | pgsql-advocacy |
Gavin M. Roy wrote:
> There is something to be said though with the security of not allowing
> the daemon to alter pg_hba.conf.

You make it so only a superuser can insert into the table (it would be a pg_ table). Further only a super user could call the pg_reload function that we already allow.

> What I think would work is a two step
> auth process that uses a pg_hba table then falls back to pg_hba.conf if
> there is no match. This keeps the complete security of preventing a
> compromised database from altering the text file.
>
> Thoughts?
>

Well consider this :). If they can alter the pg_hba.conf file, it doesn't matter what happens next (or before for that matter).

Joshua D. Drake

> Gavin
>
> On 5/17/07, *Joshua D. Drake* <jd@commandprompt.com
> <mailto:jd@commandprompt.com>> wrote:
>
> Magnus Hagander wrote:
> > Gavin M. Roy wrote:
> >> I think for one, mysql uses tables for all of its access control.
> >> Coding plesk/cpanel to modify pg_hba.conf and rehup postgres would take
> >> a bit more work, I would imagine.
> >
> > In a lot of environments, it'd certainly be impossible, at least until
> > we make it possible to edit the config files remote... (oops, recap of
> > endless amounts of discussions on letting pgadmin do that..)
>
> Well more to the point. There really is zero reason why we can't have a
> table representation of pg_hba_conf that is the pg_hba.conf file that
> has triggers that write out the file.
>
> >
> >> Do we really want to pursue making PostgreSQL easier to admin for the
> >> non-system admin? Cpanel and plesk and like tools are pretty far down
> >> the list of important things to support or code for.
> >
> > If we want to make inroads into shared-hosting environments, it would
> > certainly help...
>
> It is not just shared hosting... dedicated hosting starts as little as
> 69.00 with Cpanel :)...
>
> Note that I am not advocating making it easier for Cpanel. I am just
> making a point that it is not limited to shared hosting.
>
> I am however advocating that it is pretty dumb that our conf files are
> *required* as a little text file on the filesystem and can not be
> managed via the database.
>
> Joshua D. Drake
>
> >
> > //Magnus
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: explain analyze is your friend
> >
>
> --
>
> === The PostgreSQL Company: Command Prompt, Inc. ===
> Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
> Providing the most comprehensive PostgreSQL solutions since 1997
> http://www.commandprompt.com/
>
> Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
> PostgreSQL Replication: http://www.commandprompt.com/products/
>

--

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/