Thread: Backup

Backup

From

Alejandro Fernandez

Date:

01 December 2000, 07:32:51

Hi,

Having had a security problem, I recently backed up (with postgresql-dump)  a
database I had with group and user privileges set on it.

Once I dealt with the problem I tried to reload the dump with

\i database.out

only to find various errors to do with these privileges. Is there a better way
to back up all data including who belongs to what group and what that group is
allowed to do on what tables?

Also, Is there a way of implementing a secure way of giving this data a web
front end with a scripting language, whilst not giving too many permissions to
user "nobody"(apache)  or having clear text passwords in the scripts themselves?

Thanks (I'm sorry if these questions are too "novice"! Any generic "rtfm man
postgres*" pointers gratefully accepted :)

Ale
--
Alejandro Fernandez Bscp 5 Caledonian University
0141 586 3913 - ale@nin.cx

JDBC drivers

From

Sterling

Date:

01 December 2000, 17:15:59

H-

I'm looking to get the jdbc drivers for postgres 6.5.3 so I can hook them up with
JSP/Tomcat.

I found a page that has drivers but not for my version.
Does it matter that they aren't the same?

Any one have a favorite page where I could go and get some drivers for postgres
6.5.3?
If I upgrade to 7.0 will it destroy my existing databases?
Has anyone had any experience with upgrading to the lastest postgres, and if so how
was it? Painful, Pleasant?

Thanks for any information you can provide.
-Sterling

Re: JDBC drivers

From

"Fernando M. Maresca"

Date:

01 December 2000, 19:17:50

Upgrading postgres is not painful: I've doing it in several linux machines
to a 7.0 release and is only matter of reading README file and follow the
instructions. Of course, if you plan to upgrade any software in your
system, you *must* backup the data before procede, this is rule nº 1 of
adminitration.
Perhaps the only big problem that I was found upgradin in RH 6.2 is that
doing this whit the (shit)RPM causes problems : so, I'm download the
sources and compile it in the machine. This is personal matter, ok, but is
how I do.
Excuse me, I known nothing about jdbc drivers.
Sorry for my very bad english.
F.

On Fri, 1 Dec 2000, Sterling wrote:

> H-
>
> I'm looking to get the jdbc drivers for postgres 6.5.3 so I can hook them up with
> JSP/Tomcat.
>
> I found a page that has drivers but not for my version.
> Does it matter that they aren't the same?
>
> Any one have a favorite page where I could go and get some drivers for postgres
> 6.5.3?
> If I upgrade to 7.0 will it destroy my existing databases?
> Has anyone had any experience with upgrading to the lastest postgres, and if so how
> was it? Painful, Pleasant?
>
> Thanks for any information you can provide.
> -Sterling
>
>
>

--
Fernando M. Maresca
--

Re: Backup (& pg/web permissions)

From

"Joel Burton"

Date:

01 December 2000, 19:53:55

> Having had a security problem, I recently backed up (with
> postgresql-dump)  a database I had with group and user privileges
set
> on it.
>
> Once I dealt with the problem I tried to reload the dump with
>
> \i database.out
>
> only to find various errors to do with these privileges. Is there a
> better way to back up all data including who belongs to what
group and
> what that group is allowed to do on what tables?

pg_dumpall will dump all of your databases, along with users and
groups. This should automatically take care of restores w/users and
groups.

> Also, Is there a way of implementing a secure way of giving this data
> a web front end with a scripting language, whilst not giving too many
> permissions to user "nobody"(apache)  or having clear text passwords
> in the scripts themselves?

What we do:

1) in pg_hba.conf, you can only connect to our database from
connections made on our webserver or the DBAs computer.
2) the database password is not in the perl script, but in a file
required by the perl script. (actually, the whole DBI setup is in there)

This way, in case some loser script writer screws up the permissions
of the perl script and makes the script readable by a casual user,
the password is still in the require'd file.

In any event, even if you got your hands on the password, you can
only connect from our webserver--not from any other computer
across the internet (unless you successful spoofed our server, etc.)

And, of course, we have privileges on the tables so that the web
user can do certain things (INSERTS, SELECTS, etc.) but only on
those tables that it needs.

If you use Perl, there are ways of 'encrypting' your perl script,
where the script unencrypts itself; I'm not very familiar with these,
but you can find these on CPAN.

Good luck,

--
Joel Burton, Director of Information Systems -*- jburton@scw.org
Support Center of Washington (www.scw.org)

Re: JDBC drivers

From

Bruno Dickhoff

Date:

01 December 2000, 22:32:39

Hello Sterling,

Friday, December 01, 2000, 8:08:13 PM, you wrote:

S> H-

S> I'm looking to get the jdbc drivers for postgres 6.5.3 so I can hook them up with
S> JSP/Tomcat.

S> I found a page that has drivers but not for my version.
S> Does it matter that they aren't the same?

S> Any one have a favorite page where I could go and get some drivers for postgres
S> 6.5.3?

If  you have the source package of 6.5.3, you already have the drivers on your
disk. According to postgresql.org at

http://www.postgresql.org/interfaces.html

the jdbc drivers were included since 6.2. If you can't find them, look at this
page, there are links to providers of other jdbc drivers as well.

But - I would think about upgrading, this would be the better choice, I think.

--
Best regards,
 Bruno                            mailto:bruno@dickhoff.de