Re: [pg_hba.conf] publish own Python application using PostgreSQL

On Tue, Jul 7, 2015 at 12:10 AM, John R Pierce <pierce(at)hogranch(dot)com> wrote:

> On 7/6/2015 9:55 PM, c(dot)buhtz(at)posteo(dot)jp wrote:
>
>> On 2015-07-05 22:16 John R Pierce<pierce(at)hogranch(dot)com> wrote:
>>
>>> >at a bare minimum, a database administrator needs to create database
>>> >roles (users) and databases for an app like yours.
>>>
>> The admin don't need to create the db. It is done by the application
>> (sqlalchemy-utils on Python3) itself.
>>
>
> an application should not have the privileges to do that. you don't run
> your apps as 'root', do you? why would you run them as a database
> administrator ?

​Trigger Warning (Thanks, Mallard Fillmore)

I agree with you on this. If I were a customer and some vendor said: "Oh
yes, to run our product, you must configure your multi-user data base to
disable passwords and run it as a DBA so that it can make schema changes on
the fly", then I'd simply say "no sale". Of course, in regards to the
schema, it would be proper to document what the DBA needs to do to set up
the data base with the proper tables and other items. WRT to the data base
userid and password, that, IMO, should be some sort of installation
parameter, not "hard coded" into the code itself.

SQLite, which I guess the OP has decided to use, is a much better choice
for _this_ application. IMO, it does not seem to "play well with others".
​

> --
> john r pierce, recycling bits in santa cruz
>
>
--

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown