On Mon, 2009-07-13 at 14:21 +0530, Kenneth Gonsalves wrote:
On Monday 13 Jul 2009 2:09:06 pm Krishnakant wrote:
Bad idea. Please let the install script create a separate system user for gnukhata and enable that user to create databases, etc. in PgSQL. Running as the postgres user is strongly deprecated.
But this is what postgresql developres themselves are recommending. I personally know and even met of of the core developers of pg and he is also a consultent. He told me that the best thing to do is keep the postgres user as dedicated user which can access the database from only localhost. then you can have the xmlrpc server run on that same machine and so the remote clients just can't access the database directly, because the access is denyed.
I dont believe this. No one in his right mind would run anything by the 'postgres' user. One always runs with a dedicated user with the minimal possible rights - and rights *only* on the specific database in question.
Yes, indeed we can have a dedicated gnukhata user and only keep it accessible from local machine and deny access from remote terminal.
happy hacking. Krishnakant.