-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, one ideas how we could improve the install script and an issue / not sure whether or how we can or should handle this.
1. Currently we use a PostgreSQL database user with SUPERUSER permissions to install Mapbender. As a result we end up with the password of this SUPERUSER in the clear text readable mapbender.conf file. This is not nice. First off we should at least add a notice to the install script: "Please enter the password that is used to access the data. It will be added in clear text to the file <path>/mapbender.conf" This way folks can enter some gibberish if they do nto trust this to happen. There are several options how to resolve this: 1.a During the install procedure the PG SUPERUSER creates a regular user and grants all right to the newly created database. ...I just did that manually and it is rather painful because the rights to SELECT, INSERT and UPDATE to the mapbender database have to be granted to the new user for each table individually. Right now it still does not work because now that user has no rights to create update sequences. Will resolve this eventually, ur just said that he is working on this too. 1.b After creating the database the postgresql user revokes it's own SUPERUSER rights. Not sure whether PG allows this at all and imagine what happens if you do this for a productive database and unfortunately the poor admin gave away the master password... :-) So not really an option. 2. We should consider changing the password for root during the installation to a new random password and returning this to the installer. This is a minor issue but would make us look a tid bit more professional... 3. During installation we can select a template. This is a cool option - if there is a template_postgis[1]. If not then the database will not have PostGIS support. So either we check whether there is a template_postgis, create it ourselves or what?! Ideas? Before actually making tickets maybe others have better ideas? Best regards, Arnulf. [1] http://www.mapbender.org/Postgis_template - -- Exploring Space, Time and Mind http://arnulf.us -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAk0GU4IACgkQXmFKW+BJ1b20HQCfR+3xeogHl7hZhQdyoP4wvYOQ 9RgAnArU1cuKhUWCp5N/cj7yWD8L4B5K =lsLH -----END PGP SIGNATURE----- _______________________________________________ Mapbender_dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapbender_dev
