Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
If the app provides a basic tool to create/drop/alter Pg users, this should be no hassle at all to manage and no different to using users defined in application tables. I'm guessing they haven't.
Posted May 9, 2012 13:11 UTC (Wed) by dskoll (subscriber, #1630)
Yes, I know that. But just because I want to let people log in to an accounting application, that doesn't mean I trust those same people with the psql command-line. Conflating database users with application users is not a good idea, IMO.
Posted May 10, 2012 2:29 UTC (Thu) by ringerc (subscriber, #3071)
If they're using DB-level users but not doing strict access control and checking in the DB, so a user can still wreak havoc with DB command-line access, that's not cool.
Posted May 10, 2012 16:02 UTC (Thu) by dskoll (subscriber, #1630)
Hmm, I don't really know... I haven't been able to upgrade to 1.3. :(
Even if permission-checking is good, you can still do a lot more damage a lot more quickly with psql than the web interface. For example, you might be able to do a mass update in psql in the blink of an eye where the Web interface will slow you down before you can do too much damage. :)
Posted May 10, 2012 21:03 UTC (Thu) by dskoll (subscriber, #1630)
So I took another crack at upgrading from LedgerSMB 1.2.x to 1.3.16.
Total, utter failure.
The "setup.pl" script keeps asking for a login/password and rejecting whatever I give. Tracing through a hundred twisty perl scripts, all alike, I got nowhere.
I give up. At this point, we're frozen in amber at 1.2.21. My choices now are to do a clean installation of 1.3.16 at the end of the fiscal year and start fresh, pay someone (anyone out there?) to upgrade us, or switch away from LedgerSMB.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds