On Thu, Apr 02, 2015 at 09:41:02AM -0600, Kevin Fenzi wrote: > It was noted yesterday that the koji db dump we have published > contained the 'sessions' table in it. Sessions are cleared every 24 > hours (a cron job on koji02) and also only contain a session key, which > is tied to a specific IP address. While the exposure is small/close to > 0 here, I would still like to close it out and make sure it is 0. > > I already added the below change to our koji backup-databases script > and removed the old db dump from yesterday, so there should be no > active sessions that are public from the previous dump now. > > This would also affect other postgresql servers db dumps. For those > databases that don't have a 'sessions' table, it's a noop. If some > databases do have such a table, I contend we don't want to back it up > there either. ;) > > After this change is made, a run of the postgresql-server playbook is > also needed to push the change out. > > +1s? > > kevin > -- > diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database > index 3f6e7d8..cd2bede 100644 > --- a/roles/postgresql_server/files/backup-database > +++ b/roles/postgresql_server/files/backup-database > @@ -4,7 +4,7 @@ > DB=$1 > > # Make our latest backup > -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz > +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz > > # Also, delete the backup from a few days ago. > rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz +1 for me Pierre
Attachment:
pgpKPIvNEqOUV.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
