[Mapbender_dev] Install Script enhancements
Seven (aka Arnulf)
seven at arnulf.us
Mon Dec 13 12:10:26 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
one ideas how we could improve the install script and an issue / not
sure whether or how we can or should handle this.
1. Currently we use a PostgreSQL database user with SUPERUSER
permissions to install Mapbender. As a result we end up with the
password of this SUPERUSER in the clear text readable mapbender.conf
file. This is not nice.
First off we should at least add a notice to the install script: "Please
enter the password that is used to access the data. It will be added in
clear text to the file <path>/mapbender.conf" This way folks can enter
some gibberish if they do nto trust this to happen.
There are several options how to resolve this:
1.a During the install procedure the PG SUPERUSER creates a regular user
and grants all right to the newly created database. ...I just did that
manually and it is rather painful because the rights to SELECT, INSERT
and UPDATE to the mapbender database have to be granted to the new user
for each table individually. Right now it still does not work because
now that user has no rights to create update sequences. Will resolve
this eventually, ur just said that he is working on this too.
1.b After creating the database the postgresql user revokes it's own
SUPERUSER rights. Not sure whether PG allows this at all and imagine
what happens if you do this for a productive database and unfortunately
the poor admin gave away the master password... :-) So not really an
2. We should consider changing the password for root during the
installation to a new random password and returning this to the
installer. This is a minor issue but would make us look a tid bit more
3. During installation we can select a template. This is a cool option -
if there is a template_postgis. If not then the database will not
have PostGIS support. So either we check whether there is a
template_postgis, create it ourselves or what?! Ideas?
Before actually making tickets maybe others have better ideas?
Exploring Space, Time and Mind
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Mapbender_dev