Postgres Plus xDB Replication Server with Multi-Master User's Guide : 4.2 Saving Server Login Information

Previous PageTable Of ContentsNext Page

Postgres Plus Advanced Server xDB Replication Server User's Guide

 

4.2 Saving Server Login Information

When you use the xDB Replication Console to create a replication system, you will need to register a publication server and a subscription server. During this process you are given the option to save the server’s login information. This section describes what happens if you select this option.

The following discussion applies to both publication servers and subscription servers. These are generically referred to as “servers” in this discussion.

4.2.1 Server Login File

If you choose to save the login information, the server’s network location (IP address and port number), user name, and password are stored in a server login file in a hidden location under the home directory of the operating system account with which you have opened the xDB Replication Console. See Section 3.2 for the location of this file.

The following shows the Register Publication Server dialog box where the option to save login information is presented as a check box. In this example 192.168.2.7 entered in the Host field, 9051 entered in the Port field, enterprisedb entered in the User Name field, and an encrypted form of the password entered in the Password field are saved in the server login file for this publication server if user name and password validation are successful.

The values for User Name and Password that you enter are validated against the user name and password in the xDB Replication Configuration file residing on host 192.168.2.7, in this case. The user name and password must successfully authenticate before registration of the publication server and saving of the publication server’s login information in the server login file occur. See Section 2.3.1.4 for information on the xDB Replication Configuration file.

Figure 60 - Save login information option for a publication server

See Section 5.2.1 for more information on the purpose of these fields and the process of registering a publication server.

The following shows the Register Subscription Server dialog box. In this example 192.168.2.7 entered in the Host field, 9052 entered in the Port field, enterprisedb entered in the User Name field, and an encrypted form of the password entered in the Password field are saved in the server login file for this subscription server if user name and password validation are successful.

Figure 61 - Save login information option for a subscription server

See Section 5.3.1 for more information on the purpose of these fields and the process of registering a subscription server.

Saving server login information gives you the convenience of immediate access to the publication server and any of its subordinate publications, or access to the subscription server and any of its subordinate subscriptions. That is, when you open the xDB Replication Console, the Publication Server nodes of saved publication servers immediately appear in the replication tree allowing you to perform administrative tasks on its subordinate publications.

Similarly, the Subscription Server nodes of saved subscription servers immediately appear in the replication tree allowing you to perform administrative tasks on its subordinate subscriptions.

If you did not save server login information, the server nodes would not be visible in the replication tree. You would have to re-enter the server’s network location, user name, and password. In other words, you would have to register the server each time you open the xDB Replication Console.

Note: Each operating system account on a given host has its own server login file. Thus, the servers that are saved and appear in the xDB Replication Console when opened is independently determined for each operating system account.

4.2.2 Security Risks of Saved Server Login Information

The preceding section discussed the benefits of saving server login information.

The security risk associated with it is if unauthorized persons gain access to your operating system account, they could then potentially open the xDB Replication Console on your host using your operating system account.

If the login information of publication servers or subscription servers is saved, the corresponding Publication Server nodes or Subscription Server nodes immediately appear in the xDB Replication Console with no request for authentication information.

This allows an unauthorized person to perform any operation on the exposed publications and subscriptions including the potential to completely delete the replication system.

Note: The publication database and subscription database cannot be deleted, but unauthorized replications could be forced to occur.

Thus, it is important that operating system accounts are secure on hosts that have access to an xDB Replication Console and a replication system.

Previous PageTable Of ContentsNext Page