On Sat, Jul 30, 2005 at 09:35:16PM -0700, Steve Atkins wrote:
> On Sat, Jul 30, 2005 at 11:39:20PM -0400, Bruce Momjian wrote:
> > Let me try to outline where I think our goals are for remote
> > administration. I will not comment on Dave's analysis of the patch
> > review process, but I think he has some valid points that this patch was
> > not treated properly.
> >
> > Basically, I think everyone wants remote administration. Remote
> > administration requires several things:
> >
> >   o edit postgresql.conf
> >   o edit pg_hba.conf
> >   o reload the config files
> >   o restart the server (for config variables requiring restart)
> >   o view log files
> >   o recycle log files
> >   o rename/remove log files
> >
> > All these items are on the TODO list already.
>
> My security spider-sense tingles when I see the ability for a remote
> attacker to not only completely override password, certificate and IP
> based authentication but also to easily remove logfiles.

Yes, I'd trim that part to support only rename of log files, and
constrain the destination to the log directory. (I guess I don't need
to mention that all log file operations are already constrained to
files inside the log directory.)

For the "edit postgresql.conf" part I guess it would be important to
have some settings that would not be changeable via this interface.

-- 
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
"The first law of live demos is: don't try to use the system. Write a
script that touches nothing so as not to cause damage." (Jakob Nielsen)
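
The constraint proposed in the reply above (rename only, destination kept inside the log directory), sketched as an added example that is not part of the thread or of any PostgreSQL patch. The function names and sample file names are hypothetical. It assumes POSIX path separators and that names are later joined to the log directory. It also accepts subdirectories of the log directory, and the check is lexical only, so it assumes the log directory holds no symlinks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if `name` is a relative path that stays
 * lexically inside the directory it will be joined to. Symlinks are
 * not resolved; that is an assumption of this sketch. */
static bool stays_in_log_dir(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;                 /* empty or absolute path */

    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/"); /* length of this component */
        if (len == 0)
            return false;             /* empty component ("//") */
        if (len == 1 && p[0] == '.')
            return false;             /* "." component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;             /* ".." leaves the directory */
        p += len;
        if (*p == '/' && *++p == '\0')
            return false;             /* trailing slash, no file name */
    }
    return true;
}

/* A rename is permitted only when both ends stay in the log directory. */
bool log_rename_allowed(const char *src, const char *dst)
{
    return stays_in_log_dir(src) && stays_in_log_dir(dst);
}

int main(void)
{
    /* Constructed sample names, not taken from the thread. */
    const char *dst[] = { "archive/postgresql-1.log", "../pg_hba.conf" };
    for (size_t i = 0; i < 2; i++)
        printf("%-26s %s\n", dst[i],
               log_rename_allowed("postgresql-1.log", dst[i]) ? "allow" : "deny");
    return 0;
}
```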
