Mon Jan 23 10:09:53 PST 2006
- Previous message: [Slony1-general] Security with slony
- Next message: [Slony1-general] Thread test program failed. Your platform is not thread-safe.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jan 23, 2006 at 04:48:14PM -0000, Roger Lucas wrote:
> > But it sounds like what you need is a functional host-based ACL
> > system grafted on top. That is, events of type T can come only from
> > nodes {some set of nodes}, and other events of type T' can come from,
> > &c.
> >
>
> That would be ideal... but I cannot find it in existance already.
Nope, this'd be a feature that would have to be built. I haven't
thought it through, but it seems to me to be at least logically
possible.
> That confuses me, as I had read the information below to imply that the
> network configuration commands (i.e. control messages from the
> "administrative workstation" that set up the topology of the replication
> network) were sent "out of band" using different links which could then be
> shut down when not required.
Well, that's the design of the example case that Chris sent, but
there's nothing in principle to prevent these commands from being
issued on the same box as slon is running. All you'd need is the
configuration tool (slonik) and a way of connecting to some node as
superuser. You've already posited that some of your nodes are less
secure than your main origin system. But since those systems need to
be able to send confirmations back, they'll have to be able to talk
to the origin postmaster. Which means you could issue slonik from
them.
A
--
Andrew Sullivan | ajs at crankycanuck.ca
When my information changes, I alter my conclusions. What do you do sir?
--attr. John Maynard Keynes
- Previous message: [Slony1-general] Security with slony
- Next message: [Slony1-general] Thread test program failed. Your platform is not thread-safe.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list