|
From: | Jim Busser |
Subject: | Re: [Gnumed-devel] removing test data |
Date: | Sat, 08 Aug 2009 13:13:59 -0700 |
On 8-Aug-09, at 11:34 AM, Karsten Hilbert wrote:
I accept that the change of the postgres password was irrelevant to the solution... I suppose I was testing whether an initialized postgres (whose pw I forgot and therefore reset) would be allowed to even alter the gnumed databases. Does it make any difference to GNUmed, in terms of bootstrap or update scripts or any other GNUmed database needs, whether the postgres system user was initialized, or whether (and what) is the postgres system and database users' passwords? Or does GNUmed care only about gm-dbo? Also, at present, knowledge of the gm-dbo password is very powerful because it permits to delete patients, drop the database, and anything in between. If an office manager presently needs to be given that password in order to be able to add users to GNUmed, is that too much power, given that the person could psql -h hostname gnumed_vN -U gm-dbo -f do_what_they_want.sql or does the above require that the individual have access to a system account into which they could ssh and additionally have sudo or root access?
Do you mean remote access as user postgres, to thwart hackers attempting generic access to the machine (even while, if I understand correctly, a legitimate admin with sudo access could still ssh into the machine and sudo su - postgres if relevant to some maintenance?) |
[Prev in Thread] | Current Thread | [Next in Thread] |