It was noted yesterday that the koji db dump we have published contained the 'sessions' table in it. Sessions are cleared every 24 hours (a cron job on koji02) and also only contain a session key, which is tied to a specific IP address.

While the exposure is small/close to 0 here, I would still like to close it out and make sure it is 0.

I already added the below change to our koji backup-databases script and removed the old db dump from yesterday, so there should be no active sessions that are public from the previous dump now.

This would also affect other postgresql servers db dumps. For those databases that don't have a 'sessions' table, it's a noop. If some databases do have such a table, I contend we don't want to back it up there either. ;)

After this change is made, a run of the postgresql-server playbook is also needed to push the change out.

+1s?

kevin
--
diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database index 3f6e7d8..cd2bede 100644 --- a/roles/postgresql_server/files/backup-database +++ b/roles/postgresql_server/files/backup-database @@ -4,7 +4,7 @@ DB=$1 # Make our latest backup -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz # Also, delete the backup from a few days ago. rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
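Review bot: the new `--exclude-table-data=sessions` on the pg_dump line has no comment explaining why it is there, and since this file sits in the shared postgresql_server role the exclusion applies to every database the script dumps, not only koji. Suggest extending the "# Make our latest backup" comment to say that session data is deliberately left out of the dumps, so that someone restoring from a backup is not surprised by an empty sessions table (with this option the table definition is still dumped, only its rows are skipped).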
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure