Re: [Health-dev] Secure PostgreSQL connection?

[Gerald Wiese]

Hey again,

another thought on this:

Why is the username not consistent? Couldn't we agree on either having a 
psql user tryton or gnuhealth?

Not sure if I'm missing something: As far as I understand there is an 
operating system user and a postgresql user. But there is no actual need 
to have the same name for both of them.

Here it says

1) "gives permissions to your newly created gnuhealth administrator"

https://en.wikibooks.org/wiki/GNU_Health/Installation#Creating_the_Database_User

And here

2) "The owner of the database should be the same user, as under which 
the tryton server runs (default:tryton)"

https://en.opensuse.org/GNUHealth_on_openSUSE

From my understanding for 1) what is happening is creating a database 
user having the same name as the os user and 2) is not true. (When the 
database could even be on another system it would obviously be another user)

Greets

Gerald


On 25.02.22 14:09, Luis Falcon wrote:
> Dear Gerald
>
> On 2/24/22 12:27, Gerald Wiese wrote:
> > Hey,
> >
> > getting back to this PostgreSQL config:
> >
> > I tried to replace "local all all trust" by "local health tryton 
> > trust" on openSUSE and "local health gnuhealth trust" on 
> > Ubuntu/Debian and it works. As it's more precise / secure I suggest 
> > to change it in the documentation (regarding wikibooks installation 
> > chapter and openSUSE specific installation instructions).
>
> Great! It's very good to have alternative options, as long as they are 
> documented, and they don't cause confusion with the user (ie, make 
> sure that the user does not include both authentication methods :) ).
>
> Also, as you mention, OS specific users should be noted. The generic 
> installation uses "gnuhealth" user, and not "tryton".
>
>
> > Besides I tested to have PostgreSQL on another system which is not 
> > part of the documentation yet. I could work on this as well. Until 
> > here I got it running but not yet fulfilling best practices I think.
> >
> > Before editing wikibooks I would like to know if there is already 
> > work in progress for a HMIS documentation in RST like for MyGNUHealth 
> > / Thalamus?
> Excellent! Yes. We need to have the documentation of the HMIS, version 
> dependent, in the GNU Health federation portal, as in the case of 
> Thalamus or MyGH.
>
> > In general having an up to date documentation with 4.0 would be nice 
> > as there are some very old parts like mentionning HMIS version 3.0 or 
> > even Python2.
>
> Absolutely! Thank you Gerald!!
>
> Have a great weekend,
> Luis