Re: On "multi-master"

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: On "multi-master"
Date: 2005-10-14 17:06:27
Message-ID: 20051014170627.GA20107@phlogiston.dyndns.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Fri, Oct 14, 2005 at 11:16:36AM -0500, Scott Marlowe wrote:

> You're users shouldn't be able to do that. If they can, you've set up
> your system wrong. Only the DBA should have access to that machine.

And DBAs aren't users? Oftentimes, a big goal is to protect against
operator error. DBAs who are called to resolve a problem at 2 AM are
_exactly_ the people we're protecting against.

No, you can never completely lock down a system to protect against
root doing 'rm -rf /'. But you can make it harder, and this approach
doesn't do that well enough to be able to advertise that you can't
muck with the system by accident. (Note that erserver had this
problem, too; it's one of the things we were at some pains to prevent
in Slony-I. We didn't get it perfect, though, and there are gaps in
that system as a result. It'd be even more dangerous in a
multimaster system.) And again, this is not to say there are any
flies on pgpool.

A

--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
The fact that technology doesn't work is no bar to success in the marketplace.
--Philip Greenspun

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Andrew Sullivan 2005-10-14 17:08:00 Re: On "multi-master"
Previous Message Tom Lane 2005-10-14 17:05:53 Re: [GENERAL] Postgres logs to syslog LOCAL0