Re: How to implement backup protocol
| От | Ragnar | 
|---|---|
| Тема | Re: How to implement backup protocol | 
| Дата | |
| Msg-id | 1164744734.27070.187.camel@localhost.localdomain обсуждение исходный текст | 
| Ответ на | Re: How to implement backup protocol ("Andrus" <eetasoft@online.ee>) | 
| Список | pgsql-general | 
On þri, 2006-11-28 at 19:23 +0200, Andrus wrote: > Richard, > > I really do'nt want to open separate port for backup only. > Pelase, can you recomment a solution which uses port 5432 owned by Postgres I do not want to advice you to do things that might be counter your company's security policies, but you could set up a portforwarder on your database machine to pass incoming port 5432 requests from the backup machine to sshd, but let all other source ips go to postgres alternatively, if you have control of cron, and if the firewall restrictons are for incoming only, and if you have open ssh port on some other machine, such as the backupserver, you can have cron do the compressed backup, and send it via scp to the backupserver. > How to force postmaster to run the tool which system provides when it > receives backup request instead of postgres child process ? if you cannot control cron, but the firewall restrictions are only for incoming requests, you might try using some untrusted procedural language to start a backup script locally, that finishes by copying the compressed backup to the backupserver. whatever you choose to do, you should still get permission to do it. security admins are not amused when users use tricks to get around restrictons. maybe they would consider opening the ssh port if you make it clear that they may restrict it to requests from the backup machine? gnari
В списке pgsql-general по дате отправления: