[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Health-dev] Secure PostgreSQL connection?
From: |
Gerald Wiese |
Subject: |
Re: [Health-dev] Secure PostgreSQL connection? |
Date: |
Mon, 28 Feb 2022 17:22:04 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
Hey again,
another thought on this:
Why is the username not consistent? Couldn't we agree on either having a
psql user tryton or gnuhealth?
Not sure if I'm missing something: As far as I understand there is an
operating system user and a postgresql user. But there is no actual need
to have the same name for both of them.
Here it says
1) "gives permissions to your newly created gnuhealth administrator"
https://en.wikibooks.org/wiki/GNU_Health/Installation#Creating_the_Database_User
And here
2) "The owner of the database should be the same user, as under which
the tryton server runs (default:tryton)"
https://en.opensuse.org/GNUHealth_on_openSUSE
From my understanding for 1) what is happening is creating a database
user having the same name as the os user and 2) is not true. (When the
database could even be on another system it would obviously be another user)
Greets
Gerald
On 25.02.22 14:09, Luis Falcon wrote:
Dear Gerald
On 2/24/22 12:27, Gerald Wiese wrote:
Hey,
getting back to this PostgreSQL config:
I tried to replace "local all all trust" by "local health tryton
trust" on openSUSE and "local health gnuhealth trust" on
Ubuntu/Debian and it works. As it's more precise / secure I suggest
to change it in the documentation (regarding wikibooks installation
chapter and openSUSE specific installation instructions).
Great! It's very good to have alternative options, as long as they are
documented, and they don't cause confusion with the user (ie, make
sure that the user does not include both authentication methods :) ).
Also, as you mention, OS specific users should be noted. The generic
installation uses "gnuhealth" user, and not "tryton".
Besides I tested to have PostgreSQL on another system which is not
part of the documentation yet. I could work on this as well. Until
here I got it running but not yet fulfilling best practices I think.
Before editing wikibooks I would like to know if there is already
work in progress for a HMIS documentation in RST like for MyGNUHealth
/ Thalamus?
Excellent! Yes. We need to have the documentation of the HMIS, version
dependent, in the GNU Health federation portal, as in the case of
Thalamus or MyGH.
In general having an up to date documentation with 4.0 would be nice
as there are some very old parts like mentionning HMIS version 3.0 or
even Python2.
Absolutely! Thank you Gerald!!
Have a great weekend,
Luis