Re: [Bacula-users] [External] Re: [Bacula-devel] IBAdmin

Tue, 29 Jan 2019 07:16:34 -0800 

> On Jan 28, 2019, at 1:19 PM, Radosław Korzeniewski 
> <rados...@korzeniewski.net> wrote:
> 
> Hello Kern,
> 
> pt., 25 sty 2019 o 16:47 Kern Sibbald <k...@sibbald.com 
> <mailto:k...@sibbald.com>> napisał(a):
> Hello guys,
> 
> Interesting conversation.  I thought I would throw in some general comments 
> of my own.
> 
> - I really like seeing another GUI for Bacula, because it is something we 
> really need.
> 
> Thank you Kern, I really appreciate your support. You are the only one who 
> sees it as an opportunity and not a threat.

I think that's unfair.

I hope you have not taken the suggestions provided here are the result of 
viewing IBAdmin as a threat. They are not.

I hope you have not taken the suggestions for improvement as an attack on 
IBAdmin. They are not.

It is relatively straight forward, I should hope, to identify the parts of the 
database you need to read and the parts you need to update.

I recently did similar for another application:

It looks something like this:

create role freshsource_ro;
GRANT SELECT ON TABLE public.commit_log TO freshsource_ro;
GRANT SELECT ON TABLE public.commit_log_elements TO freshsource_ro;
GRANT SELECT ON TABLE public.element TO freshsource_ro;
GRANT SELECT ON TABLE public.latest_commits TO freshsource_ro;
GRANT SELECT ON TABLE public.repo TO freshsource_ro;
GRANT SELECT ON TABLE public.security_notice TO freshsource_ro;
GRANT SELECT ON TABLE public.system TO freshsource_ro;
GRANT SELECT ON TABLE public.users TO freshsource_ro;
GRANT UPDATE(cookie) ON TABLE public.users TO freshsource_ro;
GRANT UPDATE(lastlogin) ON TABLE public.users TO freshsource_ro;
GRANT SELECT ON TABLE public.watch_list TO freshsource_ro;
GRANT SELECT ON TABLE public.watch_list_element TO freshsource_ro;
GRANT SELECT ON TABLE public.watch_notice TO freshsource_ro;

Then a user is created and added to that freshsource_ro role:

create user freshsource_dev with password '[redacted]' IN ROLE freshsource_ro;

Nobody sees the application itself as threat.

These are straight forward security practices which are carried out in many 
organizations, both small and large.

Best wishes.

--
Dan Langille - BSDCan / PGCon
d...@langille.org

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users





























					Reply via email to