* Ken Tanzer (ken.tan...@gmail.com) wrote:
> My experience has been that for some reason these folks just don't want
> to download and configure a Linux environment just to be able to "kick
> the tires" on this thing. So I was thinking self-serve-created demo
> accounts would be a good way t
psql is really, really meant to be run
on the client side.
I appreciate that, but the people I'm targeting are just not going to
have psql on their systems.
No, you missed the point: those functions, as well as others, are
useless unless psql is running inside a filesystem that the user
Ken Tanzer writes:
>> You will for example be making it awfully difficult for them to use
>> \copy, \i, \e, \g, the list goes on.
> I'm not really eager to go down this path, but nonetheless it's not
> obvious to me why giving psql a lobotomy (or hopefully a careful
> surgical tweak) to disable
Eh, it's just that the users usually complain about seeing other
people's roles and databases and whatnot..
That makes sense. I don't think that would be a problem in this case.
Also, it means you can't grant 'create role' to anyone, so users can't create
or drop their own
roles (an admin wil
* Ken Tanzer (ken.tan...@gmail.com) wrote:
>> You realize that some information (like roles/users) is shared
>> cluster-wide and isn't limited to a specific database, right? That's
>> usually where web-hosting folks trip up first..
>>
> I think it's fair to say I realize it, but am perhaps not
I had thought I was going to have
> people use sftp/scp, but I can see that apparently doesn't work without
> a more "normal" shell than psql. (Although maybe you could build that
> support in?;) )
Erm, I don't believe you need a real shell to allow them sftp.. You
just have to set t
* Ken Tanzer (ken.tan...@gmail.com) wrote:
> OK one more question on this thread. It occurs to me that for the web
> app, DB username and password is read from a configuration file. (I
> understand this to be a common method for web applications.) But since
> apache needs to read the file,
Ken,
* Ken Tanzer (ken.tan...@gmail.com) wrote:
> I could be way off base, but it seems like the exposure is limited.
> Sure, each user can access their database, providing they can
> authenticate successfully. (Of course, I don't care what they do with
> their database.) This essentially
OK one more question on this thread. It occurs to me that for the web
app, DB username and password is read from a configuration file. (I
understand this to be a common method for web applications.) But since
apache needs to read the file, then all users can read each others'
passwords. Arr
OK, hadn't seen your response (and Stephen Frost's) before sending
mine. I think I hear everybody loud and clear--bad idea!
Ken
On 06/01/2010 06:47 PM, Craig Ringer wrote:
On 02/06/10 08:06, Ken Tanzer wrote:
Somehow, exposing my database ports to the internet scares me more than
any (p
Thanks for asking a bunch of good questions, that I don't have good
answers to all of... :) But I'll try:
If you're exposing the ability to run psql, what makes you think you're
not effectively exposing the database?
I could be way off base, but it seems like the exposure is limited.
Sure,
On 02/06/10 08:06, Ken Tanzer wrote:
> Somehow, exposing my database ports to the internet scares me more than
> any (possibly crazy) stuff I'm trying to do. :)
Why? Surely it's less scary than exposing ssh+shell access (!!), even if
you think the shell is locked down to running only a crippled
Ken,
* Ken Tanzer (ken.tan...@gmail.com) wrote:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether
Ken Tanzer writes:
>> The better way to go about that is to not let them have an account on
>> the server machine in the first place.
> Somehow, exposing my database ports to the internet scares me more than
> any (possibly crazy) stuff I'm trying to do. :)
If you're exposing the ability to ru
Ken Tanzer wrote:
> >
> > The better way to go about that is to not let them have an account on
> > the server machine in the first place. Just expose the postmaster port
> > (perhaps via ssh tunneling) and let them run psql on their own machines.
> Somehow, exposing my database ports to the inter
Ken Tanzer wrote:
> >
> > Sure use SHELL=/usr/bin/false:
> >
> > $ SHELL=/usr/bin/false psql
> > psql (9.0beta1)
> > Type "help" for help.
> >
> > postgres=> \!
> > postgres=>
> >
> >
>
> Trouble is, that doesn't stop
>
> \! bash
Ah, I see. libc hardcodes the SHELL
The better way to go about that is to not let them have an account on
the server machine in the first place. Just expose the postmaster port
(perhaps via ssh tunneling) and let them run psql on their own machines.
Somehow, exposing my database ports to the internet scares me more than
any (poss
Sure use SHELL=/usr/bin/false:
$ SHELL=/usr/bin/false psql
psql (9.0beta1)
Type "help" for help.
postgres=> \!
postgres=>
Trouble is, that doesn't stop
\! bash
On 06/01/2010 04:57 PM, Bruce Momjian wrote:
Ken Tanzer wrote:
Hi. I'
Ken Tanzer wrote:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether it is possible or not, just that i
Ken Tanzer writes:
> Hi. I'm wondering if it is possible to disable use of \! to execute
> commands in psql? I see this has come up on the list before
> (http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
> don't see anyone saying whether it is possible or not, just that
Hi. I'm wondering if it is possible to disable use of \! to execute
commands in psql? I see this has come up on the list before
(http://archives.postgresql.org/pgsql-admin/2007-07/msg00242.php), but I
don't see anyone saying whether it is possible or not, just that it's a
bad or useless idea