On Fri, 1 Aug 2003, Chad N. Tindel wrote:
> > > Excellent! That is exactly what I'm talking about.
> > >
> > > BTW, the "my2pg.pl" link is a dead link.
> >
> > This is probably something that could be codified a bit here in the news
> > group.
> >
> > I'd say the pitfalls I'm aware of are:
> >
> > autoincrement fields -> sequences
>
> Yes. The documentation very clearly states using sequences instead of
> auto-increment, but it doesn't make it clear that inserting the id's into
> data by hand doesn't cause the sequence to be auto-matically incremented. It'd
> be nice of postgres had a way to trigger an update of the sequence value after
> every insert containing an id clumn.
Actually, from a data cohesion point of view, that's an EXTREMELY
dangerous thing to do, and is not likely to ever get implemented.
However, mentioning that not only does postgresql do it this way, but
here's why it's dangerous to do it the MySQL way as well, would be a good
idea.
Note that what I'm thinking of in a list of these pitfalls is simply a
list of them, with links to the paragraphs that cover the pitfalls in the
regular docs.
> > not being able to run postgresql as root (a good thing TM)
>
> <RANT>As a programmer, I personally would never write code that kept people from
> running things as root. I mean, what is the point? If an administrator
> wants to run postgresql or apache as root, why shouldn't they be allowed
> to make that conscious decision for themselves?
> As it is, you have to recompile
> apache with some BIG_SECURITY_HOLE defined in order to run as root, which means
> you can't just use the out of the box apache rpm. Its so stupid to write
> *extra* code that keeps people from doing something that isn't even
> fundamentally incorrect.</RANT>
If you don't know why running a non-system service as root is bad, you
haven't been running Unix long enough. It is wrong, period, and
dangerous, period. Not because you might do something dumb, but because
it allows attackers to own your whole box should they compromise one
non-system service. Very bad form.
> All that being said, I don't think it causes too big of a problem for postgres
> installations.
No, only with folks who don't understand why running non-system services
as root is quite possibly the biggest mistake you can make when
configuring a service.