Freeze break: exclude session data from db dumps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It was noted yesterday that the koji db dump we have published
contained the 'sessions' table in it. Sessions are cleared every 24
hours (a cron job on koji02) and also only contain a session key, which
is tied to a specific IP address. While the exposure is small/close to
0 here, I would still like to close it out and make sure it is 0.  

I already added the below change to our koji backup-databases script
and removed the old db dump from yesterday, so there should be no
active sessions that are public from the previous dump now. 

This would also affect other postgresql servers db dumps. For those
databases that don't have a 'sessions' table, it's a noop. If some
databases do have such a table, I contend we don't want to back it up
there either. ;) 

After this change is made, a run of the postgresql-server playbook is
also needed to push the change out. 

+1s?

kevin
--
diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database
index 3f6e7d8..cd2bede 100644
--- a/roles/postgresql_server/files/backup-database
+++ b/roles/postgresql_server/files/backup-database
@@ -4,7 +4,7 @@
 DB=$1
 
 # Make our latest backup
-/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
+/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
 
 # Also, delete the backup from a few days ago.
 rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz

Attachment: pgpDALWf1WlmN.pgp
Description: OpenPGP digital signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux