Re: Postgresql -- initial impressions and comments - Mailing list pgsql-general
From | wsheldah@lexmark.com |
---|---|
Subject | Re: Postgresql -- initial impressions and comments |
Date | |
Msg-id | OF09C4F100.0BB443FB-ON85256C85.00731F9D@lexmark.com |
In response to | Postgresql -- initial impressions and comments ("j.random.programmer" <javadesigner@yahoo.com>) |
Responses | Re: Postgresql -- initial impressions and comments |
List | pgsql-general |
Thanks for your summary and very constructive criticism. I've also found the postgresql community to be very helpful and supportive. (Thanks everyone!)

I want to add something with regard to security and running as root. First, if postgresql runs as root and is bound to an internal interface, someone getting root access to the box through a postgresql exploit would have access to everything on that box, including other interfaces. Second, many security threats and attacks are launched from within companies, or from within corporate firewalls. You need to guard against these as well. This could happen either because an employee or contractor decides to work against the company for whatever reason, or because another box on the LAN is compromised from outside, and is then used to attack other servers within the LAN.

You can never have too many layers of security, especially when you get an extra layer for the low low price of adding another user and group. :-)

Wes Sheldahl

"j.random.programmer" <javadesigner@yahoo.com>@postgresql.org on 12/04/2002 02:14:37 PM

Sent by: pgsql-general-owner@postgresql.org

To: pgsql-general@postgresql.org
cc:
Subject: Re: [GENERAL] Postgresql -- initial impressions and comments

Thanks to everyone who responded to my initial post. Here are some followup comments:

---------------------------------------

Original: No way to grant permissions on all tables within a database to some user. You have to grant permissions on each table one-by-one.

Other comments: Many folks gave examples on how to do this via shell or plpgsql script.

Followup: My suggestion is: please add a link from the command reference documentation page for the GRANT command to the appropriate page on technotes.postgresql.com that talks about this issue.

---------------------------------------

Original: INSERT into foo values (null, 'a', 'b',...) does not work if the first column is serial. (null cannot be inserted into serial type).

Other comments:
- Even though mysql allows it, inserting null values into primary key fields and expecting the database to fill in the next 'autoincrement' value... that just seems very non-intuitive to me
- NULL is not the same as DEFAULT. Treating it the same is not correct.

Followup: Please mention the ability to use 'DEFAULT' in the documentation for the serial type.

---------------------------------------

Original: My wanting to run postmaster as non-root

Other comments:
- there is no good reason for running as root, so it's ok to forbid it.
- This feature (mysql mis-feature?) isn't likely to change any time soon.

Followup: It's clear that everyone thinks this is a bad idea. I have to disagree here. I should be allowed to do what I want even if it's a security risk as long as that risk is known/explained. It's _not_ an issue if I bind the daemon to an ip/interface which is guaranteed private and non-routable (such as 192.168.x.x) and non-forwardable. Then there is no risk. But it's not really a significant issue either way - creating a new user/group is not a big deal.

---------------------------------------

Original: About lack of documentation for MD5 password encryption (which btw, is the default encryption for all passwords when 7.3 is compiled out of the box). Does the JDBC driver do this automatically?

Other comments: Yes. You need a fairly late model jdbc driver.

Followup: I am not seeing this with latest compiled JDBC driver which I downloaded yesterday (for JDK 1.4 and postgres 7.3). There is also no mention of this in the JDBC driver's documentation. Essentially, I cannot connect using JDBC unless I change the connect mode to "trust".

---------------------------------------

Original: The documentation needs to be radically improved.

Other comments:
- I usually find everything I need in the Reference Guide, if not it's in the Users Guide.
- What needs to be changed from a "newbie" perspective?

Followup: I am not sure I can point to any one thing that needs to be changed. But somehow the userland (not internals) documentation "feels" incomplete, compared to the extensive mysql docs. Maybe the docs are a) too spread out b) don't have enough examples c) are not totally up-to-date

---------------------------------------

Original: No docs for importing/exporting comma or tab delimited files from/to tables?

Other comments: try "man pg_dump". Also read the documentation:
http://www.se.postgresql.org/users-lounge/docs/7.3/postgres/backup.html
Importing:
http://www.se.postgresql.org/users-lounge/docs/7.3/postgres/sql-copy.html

Followup: I was wrong about this. As the followup above stated, the documentation does cover this.

---------------------------------------

Overall: I must say that I found the postgres community very helpful and responsive. In the end, that's - by far - the most important thing. If I was to undertake a production postgres project, I would feel comfortable for this very reason.

I did also find some JDBC specific issues that I posted to the JDBC list. Meanwhile, I am going to keep playing with postgres and make sure that my programs work with both mysql and postgresql.

Best regards,

--j

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
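
The point made in the reply above, that a database daemon should run under its own user and group rather than as root, can be checked from a process listing. The script below is an added example, not part of either message; the watched daemon names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag database daemons that run as root.
# Input: lines in the format produced by `ps -eo user=,pid=,comm=`.

# Daemon names to audit (assumption: adjust to the binaries on your hosts).
DB_DAEMONS="postmaster postgres mysqld"

# audit_db_procs: reads "user pid comm" lines on stdin, prints one
# "ROOT-OWNED <comm> pid=<pid>" line per offending process, and returns
# 1 if any were found, 0 otherwise.
audit_db_procs() {
    awk -v names="$DB_DAEMONS" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) watch[a[i]] = 1 }
        ($1 == "root" || $1 == "0") && ($3 in watch) {
            printf "ROOT-OWNED %s pid=%s\n", $3, $2
            bad = 1
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample process listing (not from a real host).
sample_ps() {
    cat <<'EOF'
root         1 init
postgres   812 postmaster
root       940 mysqld
www-data  1033 httpd
EOF
}

# Run against the live process table when invoked with "live".
if [ "${1:-}" = "live" ]; then
    ps -eo user=,pid=,comm= | audit_db_procs
fi
```
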