[Dbconfig-common-devel] Re: Best practice for allowing access to a postgres db

sean finney seanius at debian.org
Sun Oct 2 13:35:36 UTC 2005


On Sun, Oct 02, 2005 at 01:08:26PM +0200, Martin Pitt wrote:
> > what would be the best way to detect that, btw?
> 
> Currently with "pg_lsclusters". I can add some formatting arguments to
> it if necessary, right now there is only the default output:
> 
> $ pg_lsclusters
> Version Cluster   Port Status Owner    Data directory                     Log file
> 7.4     test      5433 online postgres /var/lib/postgresql/7.4/test       /var/log/postgresql/postgresql-7.4-test.log
> 8.0     main      5432 online postgres /var/lib/postgresql/8.0/main       /var/log/postgresql/postgresql-8.0-main.log

cool, i'll see what a little sed can do.

On Sun, Oct 02, 2005 at 01:10:04PM +0200, Martin Pitt wrote:
> > with --add, pg_test_hba would base its exit status on whether the
> > line needed to be added, and vice versa for --remove (so when a package
> > is removed, the admin could ismilarly be prompted).
> 
> Hm, so that would merely invert the exit code? Why can't you just
> invert the exit code interpretation?

guess i could.  or at least wrt the 0/1 part, but 2 would be the
same in either case.

> mysql only communicates over TCP? I didn't know that... Well, the nice
> thing about a Unix socket is that it makes authentication very easy.
> :-)

not exactly.  if you tell mysql to connect via localhost (or 127.0.0.1),
it will force you to use a socket.  kind of weird.


	sean

-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20051002/4b9bd6f0/attachment.pgp


More information about the Dbconfig-common-devel mailing list