Обсуждение: Re: [pgsql-www] Setting up for Press Contacts inSE Asia

Поиск
Список
Период
Сортировка

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Josh Berkus
Дата:
Magnus,

> I assume it's fairly large? We could probably stick it on the wwwmaster
> server then. Depends on where you actually need to access it from,
> though?

No, it's small.  And I just need psql and pgAdmin-over-ssh.  Eventually
we'll want a wwwmaster PHP interface to it so we can maintain the RCs on
wwwmaster.

Hmmm.  I also need to "spam" the press contacts ... that uses perl:DBI and
SMTP.

Anyway, I'd rather not do this just before the release, let's do it just
after.

--
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Magnus Hagander
Дата:
Josh Berkus wrote:
> Magnus,
>
>> I assume it's fairly large? We could probably stick it on the wwwmaster
>> server then. Depends on where you actually need to access it from,
>> though?
>
> No, it's small.  And I just need psql and pgAdmin-over-ssh.  Eventually
> we'll want a wwwmaster PHP interface to it so we can maintain the RCs on
> wwwmaster.

I meant small. I have no idea why I wrote large.

And I assume ssl is as good as ssh :P


> Hmmm.  I also need to "spam" the press contacts ... that uses perl:DBI and
> SMTP.

If you can just limit what IP is used, that should be no problem.


> Anyway, I'd rather not do this just before the release, let's do it just
> after.

Agreed.

//Magnus

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Josh Berkus
Дата:
Magnus,

> And I assume ssl is as good as ssh :P

How do I connect on the command line with SSL?  Or port-forward?

For the press list etc I need a way to fairly rapidly hand-edit a lot of
the list.  I've ben using pgAdmin for that, so I'll need to keep having
something similar.  I'll also need ssh access so that I can upload new
batch files, such as from conferences.

> If you can just limit what IP is used, that should be no problem.

IP used for which?

--
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Magnus Hagander
Дата:
On Mon, Jan 28, 2008 at 04:40:15PM -0800, Josh Berkus wrote:
> Magnus,
>
> > And I assume ssl is as good as ssh :P
>
> How do I connect on the command line with SSL?  Or port-forward?

Oh man, please tell me I misunderstood your question. Or do you really not
know how SSL works in PostgreSQL - core member and all? ;-)

Anyway. Just use psql the normal way, and it'll go into SSL mode
automatically when it's configured like that on the server.


> For the press list etc I need a way to fairly rapidly hand-edit a lot of
> the list.  I've ben using pgAdmin for that, so I'll need to keep having
> something similar.  I'll also need ssh access so that I can upload new
> batch files, such as from conferences.

pgAdmin will also work perfectly well over SSL. And I don't see why you'd
need ssh access to the database server for any of that - you can just use
psql locally.


> > If you can just limit what IP is used, that should be no problem.
>
> IP used for which?

The client machine(s) that shuold be allowed to connect to the database.

//Magnus

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
"Dave Page"
Дата:
On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote:

> The client machine(s) that shuold be allowed to connect to the database.

Is there any need for that? Whats wrong with ssh tunneling?

/D

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Magnus Hagander
Дата:
On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote:
> On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote:
>
> > The client machine(s) that shuold be allowed to connect to the database.
>
> Is there any need for that? Whats wrong with ssh tunneling?

SSH tunneling requires a shell account on the machine.

//Magnus

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
"Dave Page"
Дата:
On Jan 29, 2008 11:11 AM, Magnus Hagander <magnus@hagander.net> wrote:
>
> On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote:
> > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote:
> >
> > > The client machine(s) that shuold be allowed to connect to the database.
> >
> > Is there any need for that? Whats wrong with ssh tunneling?
>
> SSH tunneling requires a shell account on the machine.

You just suggested using psql locally, so I assumed that wasn't an
issue. Regardless, I'd much rather Josh used ssh for everything - it's
far more flexible, arguably more secure (think ssh cert + postgres
auth), and doesn't require any special config.

/D

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
Magnus Hagander
Дата:
On Tue, Jan 29, 2008 at 11:36:43AM +0000, Dave Page wrote:
> On Jan 29, 2008 11:11 AM, Magnus Hagander <magnus@hagander.net> wrote:
> >
> > On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote:
> > > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote:
> > >
> > > > The client machine(s) that shuold be allowed to connect to the database.
> > >
> > > Is there any need for that? Whats wrong with ssh tunneling?
> >
> > SSH tunneling requires a shell account on the machine.
>
> You just suggested using psql locally, so I assumed that wasn't an
> issue. Regardless, I'd much rather Josh used ssh for everything - it's
> far more flexible, arguably more secure (think ssh cert + postgres
> auth), and doesn't require any special config.

This doesn't really belong on advocacy, so let me just post the reason
here, and take further discussions off-list.

psql locally = locally on his box, *not* wwwmaster, is what I meant.


We don't want end-users running *anything* on wwwmaster. This is the reason
we made it it's own VM. We do *not* want the mess of svr1 all over again.

An option could be to have Josh run his scripts on svr1, since that's the
closest thing to a "shell box" that we have for project users. Yes, it's a
mess, but it works for that :-P

//Magnus

Re: [pgsql-www] Press machinery WAS Setting up contacts ...

От
Josh Berkus
Дата:
Magnus,

> Oh man, please tell me I misunderstood your question. Or do you really not
> know how SSL works in PostgreSQL - core member and all? ;-)

Oh, right.  psql with SSL.  I was still thinking shell.

--
Josh Berkus
PostgreSQL @ Sun
San Francisco

Re: [pgsql-www] Setting up for Press Contacts inSE Asia

От
"Joshua D. Drake"
Дата:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 29 Jan 2008 12:11:56 +0100
Magnus Hagander <magnus@hagander.net> wrote:

> On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote:
> > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net>
> > wrote:
> > 
> > > The client machine(s) that shuold be allowed to connect to the
> > > database.
> > 
> > Is there any need for that? Whats wrong with ssh tunneling?
> 
> SSH tunneling requires a shell account on the machine.

We I believe we are trying to limit yes?

Joshua D. Drake

- -- 
The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ 
Sales/Support: +1.503.667.4564   24x7/Emergency: +1.800.492.2240
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director |  PostgreSQL political pundit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHn1KcATb/zqfZUUQRAhIKAJ0ds1awCVyq3w7ojal602KOAWteYACfTxrC
ewFmCiWgkmAhy+q5lMauSTU=
=4yKa
-----END PGP SIGNATURE-----