Обсуждение: Re: [pgsql-www] Setting up for Press Contacts inSE Asia
Magnus, > I assume it's fairly large? We could probably stick it on the wwwmaster > server then. Depends on where you actually need to access it from, > though? No, it's small. And I just need psql and pgAdmin-over-ssh. Eventually we'll want a wwwmaster PHP interface to it so we can maintain the RCs on wwwmaster. Hmmm. I also need to "spam" the press contacts ... that uses perl:DBI and SMTP. Anyway, I'd rather not do this just before the release, let's do it just after. -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco
Josh Berkus wrote: > Magnus, > >> I assume it's fairly large? We could probably stick it on the wwwmaster >> server then. Depends on where you actually need to access it from, >> though? > > No, it's small. And I just need psql and pgAdmin-over-ssh. Eventually > we'll want a wwwmaster PHP interface to it so we can maintain the RCs on > wwwmaster. I meant small. I have no idea why I wrote large. And I assume ssl is as good as ssh :P > Hmmm. I also need to "spam" the press contacts ... that uses perl:DBI and > SMTP. If you can just limit what IP is used, that should be no problem. > Anyway, I'd rather not do this just before the release, let's do it just > after. Agreed. //Magnus
Magnus, > And I assume ssl is as good as ssh :P How do I connect on the command line with SSL? Or port-forward? For the press list etc I need a way to fairly rapidly hand-edit a lot of the list. I've ben using pgAdmin for that, so I'll need to keep having something similar. I'll also need ssh access so that I can upload new batch files, such as from conferences. > If you can just limit what IP is used, that should be no problem. IP used for which? -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco
On Mon, Jan 28, 2008 at 04:40:15PM -0800, Josh Berkus wrote: > Magnus, > > > And I assume ssl is as good as ssh :P > > How do I connect on the command line with SSL? Or port-forward? Oh man, please tell me I misunderstood your question. Or do you really not know how SSL works in PostgreSQL - core member and all? ;-) Anyway. Just use psql the normal way, and it'll go into SSL mode automatically when it's configured like that on the server. > For the press list etc I need a way to fairly rapidly hand-edit a lot of > the list. I've ben using pgAdmin for that, so I'll need to keep having > something similar. I'll also need ssh access so that I can upload new > batch files, such as from conferences. pgAdmin will also work perfectly well over SSL. And I don't see why you'd need ssh access to the database server for any of that - you can just use psql locally. > > If you can just limit what IP is used, that should be no problem. > > IP used for which? The client machine(s) that shuold be allowed to connect to the database. //Magnus
On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote: > The client machine(s) that shuold be allowed to connect to the database. Is there any need for that? Whats wrong with ssh tunneling? /D
On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote: > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote: > > > The client machine(s) that shuold be allowed to connect to the database. > > Is there any need for that? Whats wrong with ssh tunneling? SSH tunneling requires a shell account on the machine. //Magnus
On Jan 29, 2008 11:11 AM, Magnus Hagander <magnus@hagander.net> wrote: > > On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote: > > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote: > > > > > The client machine(s) that shuold be allowed to connect to the database. > > > > Is there any need for that? Whats wrong with ssh tunneling? > > SSH tunneling requires a shell account on the machine. You just suggested using psql locally, so I assumed that wasn't an issue. Regardless, I'd much rather Josh used ssh for everything - it's far more flexible, arguably more secure (think ssh cert + postgres auth), and doesn't require any special config. /D
On Tue, Jan 29, 2008 at 11:36:43AM +0000, Dave Page wrote: > On Jan 29, 2008 11:11 AM, Magnus Hagander <magnus@hagander.net> wrote: > > > > On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote: > > > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> wrote: > > > > > > > The client machine(s) that shuold be allowed to connect to the database. > > > > > > Is there any need for that? Whats wrong with ssh tunneling? > > > > SSH tunneling requires a shell account on the machine. > > You just suggested using psql locally, so I assumed that wasn't an > issue. Regardless, I'd much rather Josh used ssh for everything - it's > far more flexible, arguably more secure (think ssh cert + postgres > auth), and doesn't require any special config. This doesn't really belong on advocacy, so let me just post the reason here, and take further discussions off-list. psql locally = locally on his box, *not* wwwmaster, is what I meant. We don't want end-users running *anything* on wwwmaster. This is the reason we made it it's own VM. We do *not* want the mess of svr1 all over again. An option could be to have Josh run his scripts on svr1, since that's the closest thing to a "shell box" that we have for project users. Yes, it's a mess, but it works for that :-P //Magnus
Magnus, > Oh man, please tell me I misunderstood your question. Or do you really not > know how SSL works in PostgreSQL - core member and all? ;-) Oh, right. psql with SSL. I was still thinking shell. -- Josh Berkus PostgreSQL @ Sun San Francisco
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 29 Jan 2008 12:11:56 +0100 Magnus Hagander <magnus@hagander.net> wrote: > On Tue, Jan 29, 2008 at 10:03:36AM +0000, Dave Page wrote: > > On Jan 29, 2008 9:48 AM, Magnus Hagander <magnus@hagander.net> > > wrote: > > > > > The client machine(s) that shuold be allowed to connect to the > > > database. > > > > Is there any need for that? Whats wrong with ssh tunneling? > > SSH tunneling requires a shell account on the machine. We I believe we are trying to limit yes? Joshua D. Drake - -- The PostgreSQL Company: Since 1997, http://www.commandprompt.com/ Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHn1KcATb/zqfZUUQRAhIKAJ0ds1awCVyq3w7ojal602KOAWteYACfTxrC ewFmCiWgkmAhy+q5lMauSTU= =4yKa -----END PGP SIGNATURE-----