Re: SQL independence.
> Looks good but I use MySQL. I noticed in
> the mail list archive that because of
> some SQL procedures it would be too
> complicated to port over.
> Are there any plans for database
The main problem is that OpenNMS uses C based stored procedures which, as I understand it, are not possible on MySQL. In addition, PostgreSQL provides many enterprise features that MySQL lacks, but which are used in OpenNMS.
Preventive security is a long and tedious effort, but worth the time
The OpenSSH worm is a good example of how we could do
things differently. If security persons had mad sure
that the SSH server was only available to known trusted
parties, and those trusted parties had made sure that
they are just as secure as the systems they are logging
in to, then the OpenSSH worm wouldn't have had much
effect on commercial servers. As for the personal
users, they want flexibility. As such, there is little
chance that they are going to limit their SSH access to
a few source IP addresses. These are the users to be
concerned with. Here is an example:
John Doe, a programmer for Anonymous Software, works
from home a lot at night. John usually uses SSH to
connect to the office network. The office network has a
very restrictive firewall policy. John's home computer
is wide open (because he likes to be able to log in
wherever he goes). Now, John's computer gets
compromised, that computer is a trusted source for the
office network and the office network gets compromised.
This is a perfect example of the statement that you are
only secure as the least secure system connecting to
your network. Either the user's home system needs a
firewall configured just as tightly as the one in the
office, or the user's computer should not be trusted.