[Dbconfig-common-devel] Re: Best practice for allowing access to a
postgres db
Martin Pitt
mpitt at debian.org
Sun Oct 2 11:10:04 UTC 2005
hi Sean!
sean finney [2005-10-01 10:07 -0400]:
> On Sat, Oct 01, 2005 at 03:52:16PM +0200, Martin Pitt wrote:
> > > pg_test_hba --add --method ident dbname dbuser
> > > pg_test_hba --add --ip w.x.y.z --method ident dbname dbuser
> > > pg_test_hba --add --method md5 dbname dbuser
> > > pg_test_hba --add --ip w.x.y.z --method md5 dbname dbuser
> > > pg_test_hba --remove ...
> >
> > What is the purpose of --add/--remove?
>
> with --add, pg_test_hba would base its exit status on whether the
> line needed to be added, and vice versa for --remove (so when a package
> is removed, the admin could ismilarly be prompted).
Hm, so that would merely invert the exit code? Why can't you just
invert the exit code interpretation?
> > My initial spec proposed that if --ip is not given, it defaults to
> > lcoal Unix socket authentication. This should be consistent with
> > pg_add_hba. What do you think?
>
> yeah, that makes sense. we in mysql-land unfortunately do not have such
> a distinction :)
mysql only communicates over TCP? I didn't know that... Well, the nice
thing about a Unix socket is that it makes authentication very easy.
:-)
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20051002/06eaf613/attachment.pgp
More information about the Dbconfig-common-devel
mailing list