It was noted yesterday that the koji db dump we have published contained the 'sessions' table in it. Sessions are cleared every 24 hours (a cron job on koji02) and also only contain a session key, which is tied to a specific IP address. While the exposure is small/close to 0 here, I would still like to close it out and make sure it is 0.
I already added the below change to our koji backup-databases script and removed the old db dump from yesterday, so there should be no active sessions that are public from the previous dump now.
This would also affect other postgresql servers db dumps. For those databases that don't have a 'sessions' table, it's a noop. If some databases do have such a table, I contend we don't want to back it up there either. ;)
After this change is made, a run of the postgresql-server playbook is also needed to push the change out.
+1s?
kevin -- diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database index 3f6e7d8..cd2bede 100644 --- a/roles/postgresql_server/files/backup-database +++ b/roles/postgresql_server/files/backup-database @@ -4,7 +4,7 @@ DB=$1
# Make our latest backup -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
# Also, delete the backup from a few days ago. rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
+1 from me.
On 2 April 2015 at 09:41, Kevin Fenzi kevin@scrye.com wrote:
It was noted yesterday that the koji db dump we have published contained the 'sessions' table in it. Sessions are cleared every 24 hours (a cron job on koji02) and also only contain a session key, which is tied to a specific IP address. While the exposure is small/close to 0 here, I would still like to close it out and make sure it is 0.
I already added the below change to our koji backup-databases script and removed the old db dump from yesterday, so there should be no active sessions that are public from the previous dump now.
This would also affect other postgresql servers db dumps. For those databases that don't have a 'sessions' table, it's a noop. If some databases do have such a table, I contend we don't want to back it up there either. ;)
After this change is made, a run of the postgresql-server playbook is also needed to push the change out.
+1s?
kevin
diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database index 3f6e7d8..cd2bede 100644 --- a/roles/postgresql_server/files/backup-database +++ b/roles/postgresql_server/files/backup-database @@ -4,7 +4,7 @@ DB=$1
# Make our latest backup -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
# Also, delete the backup from a few days ago. rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Thu, Apr 02, 2015 at 09:41:02AM -0600, Kevin Fenzi wrote:
It was noted yesterday that the koji db dump we have published contained the 'sessions' table in it. Sessions are cleared every 24 hours (a cron job on koji02) and also only contain a session key, which is tied to a specific IP address. While the exposure is small/close to 0 here, I would still like to close it out and make sure it is 0.
I already added the below change to our koji backup-databases script and removed the old db dump from yesterday, so there should be no active sessions that are public from the previous dump now.
This would also affect other postgresql servers db dumps. For those databases that don't have a 'sessions' table, it's a noop. If some databases do have such a table, I contend we don't want to back it up there either. ;)
After this change is made, a run of the postgresql-server playbook is also needed to push the change out.
+1s?
kevin
diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database index 3f6e7d8..cd2bede 100644 --- a/roles/postgresql_server/files/backup-database +++ b/roles/postgresql_server/files/backup-database @@ -4,7 +4,7 @@ DB=$1
# Make our latest backup -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
# Also, delete the backup from a few days ago. rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
+1 for me
Pierre
infrastructure@lists.fedoraproject.org