Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!newsfeed.utanet.at!newscore.univie.ac.at!aconews-feed.univie.ac.at!aconews.univie.ac.at!not-for-mail
From: "Laurenz Albe" <invite@spam.to.invalid>
Newsgroups: comp.databases.postgresql
References: <ito056$ido$1@bruford.hrz.tu-chemnitz.de><1308640710.210659@proxy.dienste.wien.at><pan.2011.06.21.13.38.10@gmail.com><1308738638.232318@proxy.dienste.wien.at> <pan.2011.06.22.12.02.22@gmail.com> <1308911383.819034@proxy.dienste.wien.at> <iuhvrv$5j7$1@speranza.aioe.org> <1309508018.14415@proxy.dienste.wien.at> <iul48k$9v1$1@speranza.aioe.org> <1309790420.3138@proxy.dienste.wien.at> <iut38g$9da$1@speranza.aioe.org> <1309849143.243811@proxy.dienste.wien.at> <iuvl71$5i9$1@speranza.aioe.org>
Subject: Re: Is PostgreSQL good?
Date: Wed, 6 Jul 2011 09:00:02 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6109
Organization: dienste.wien.at ISP
Message-ID: <1309935622.273345@proxy.dienste.wien.at>
X-Cache: nntpcache 2.3.3 (see http://www.nntpcache.org/)
Lines: 31
NNTP-Posting-Host: 141.203.254.23
X-Trace: 1309935623 aconews.univie.ac.at 34944 141.203.254.23
X-Complaints-To: abuse@univie.ac.at
Xref: x330-a1.tempe.blueboxinc.net comp.databases.postgresql:189

Don Y wrote:
>>> Yes, understood.  I'm thinking about *my* applications where there
>>> is an agent interposed between the end user and the DBMS acting
>>> as if the administrator.  So, it can run some commands on behalf of
>>> the user and *then* decide to VACUUM (having inherent knowledge
>>> of the consequences of those commands).

>> That sounds like a really bad idea.
>>
>> If the database user that performs SQL on behalf of the end user
>> has superuser privileges, that constitutes an unnecessary risk.
>> Security holes or bugs in your software can cause much more damage
>> that way.

> No choice.  There is no "organic" DBA involved.  So, even if I
> let autovacuum handle that aspect, there will always be other
> aspects that have to be "coded" (and "Just Work")

You can automatize administrative tasks, that's a good thing,
but that does not necessitate that the end user gets served by a
superuser account. Those things should be done separately.

You won't get away without some sort of human DBA.
You must at least ascertain that backups complete successfully
and space doesn't run out. And you need somebody who is able to
restore a backup. So at least when things go wrong, you need a DBA.

Yours,
Laurenz Albe