On Tue, 24 Aug 2004, Jeff Templon wrote:
> Hi,
>
> until R-GMA has secure mode access, I don't see the problem;
> all users will be able to access all data. As long as the
> DB has permissions such that only the R-GMA user can insert
> or remove entries, R-GMA is as much as a security hole as is direct
> DB access.
This is not quite true. With direct access to the RDBMS people can also
delete stuff. I think that NIKHEF had the MON box on the UI but then had
the RDBMS remote. However this is a bit more work.
Steve
>
> JT
>
> On Tue, 2004-08-24 at 14:29, Burke, S (Stephen) wrote:
> > LHC Computer Grid - Rollout
> > > [mailto:[log in to unmask]] On Behalf Of Jeff Templon said:
> > > we always put in on our UI machine at NIKHEF. Drove the R-GMA
> > > people crazy. Highly recommended.
> >
> > Speaking of which, I just got this from Linda Cornwall.
> >
> > Stephen
> >
> >
> > ______________________________________________________________________
> > From: "Cornwall, LA (Linda) " <[log in to unmask]>
> > To: "Burke, S (Stephen) " <[log in to unmask]>, 'jra1-uk' <[log in to unmask]>
> > Subject: RE: [JRA1-UK] FW: [LCG-ROLLOUT] R-GMA advice
> > Date: Tue, 24 Aug 2004 13:13:49 +0100
> >
> > Stephen,
> >
> > You should not put R-GMA on a box that users can either run jobs, or access
> > directly - i.e. it should not be on the CE or the UI. (This is to avoid the
> > possibility of a back door entry to the MySQL database - hopefully in future
> > versions of R-GMA this will be fixed.)
> >
> > Linda.
> >
> > > -----Original Message-----
> > > From: [log in to unmask]
> > > [mailto:[log in to unmask]] On Behalf Of Burke,
> > > S (Stephen)
> > > Sent: 24 August 2004 11:02
> > > To: 'jra1-uk'
> > > Subject: [JRA1-UK] FW: [LCG-ROLLOUT] R-GMA advice
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: LHC Computer Grid - Rollout
> > > [mailto:[log in to unmask]] On > Behalf Of Leslie
> > > Groer
> > > Sent: 23 August 2004 22:08
> > > To: [log in to unmask]
> > > Subject: [LCG-ROLLOUT] R-GMA advice
> > >
> > >
> > > Hi All
> > >
> > > I have not seen any strong preference given to whether a
> > > separate MON box is really needed for LCG-2_2_0 R-GMA or not.
> > > We could install the RGMA facility on our SE. I am
> > > reluctant to put this on the CE, as the load there already
> > > spikes too high very often. The other choice is we have a
> > > separate node that we use for cluster monitoring that is
> > > running Ganglia and other web services. I do not believe we
> > > have any tomcat services on there now, but would need to
> > > double-check with our system people.
> > >
> > > If none of these are suitable for a 100 dual nodes site, then
> > > we do have nodes "spare" that could be used for MON, but it
> > > seems a waste of a dual 2.4 GHz 2GB RAM system!
> > >
> > > Thanks
> > > Leslie Groer
> > > [log in to unmask]
> > >
> > > _______________________________________________
> > > JRA1-UK mailing list
> > > [log in to unmask]
> > > http://www.physics.gla.ac.uk/mailman/listinfo/> jra1-uk
> > >
>
|