First of all I would like to see BigSQL integrated into rockstor and be used instead of simple postgres: bigsql.org
Not as ROCKON, but as default install! Especially I like the BAM.
By this rockstor would become a real Data network storage solution, and not a simple NAS.
Reading your message I suppose you’re probably misunderstanding Rockstor skeleton:
Reading from BigSQL pages:
Postgres by BigSQL is complete. At its core, BigSQL is a PostgreSQL distribution. But in addition to the core PostgreSQL database, BigSQL is integrated with more than 20 open source projects that make it easier to do Postgres development, integration, scale-out, and management, as well as migrations from proprietary databases.
Ok, BigSQL has PostgreSQL (and we already have it acting Django DB backend) plus some tools related to DB data: well, actually Rockstor PostgreSQL is a Django backend, stop, nothing you’re supposed “to play with” , so probably it should be ok to have BigSQL served over Rock-ons.
Nice idea about Apache+php rock-on, reading Rockstor howtos you can try having it
My question qould be, if we have a BigSQL Rock-on, will it be easy to manage the rockon DB with it too?
I mean, I would like to have the BigSQL Postgres “instead” of normal pgsql distribution…
The only thing that would be necessary to tell the users: don’t touch the Rockstor DB.
BigSQL has monitoring and other tools aswell, and there is actually no need to have multiple posrgres servers installed, since one can manage an almost unlimited amount of databases and schemas…
I will try to make an Apache+php rock-on as soon as possible…
Just bear in mind that there is a inherent security issue with putting DB in setups like rockstor.
Because all rockons are docker containers, they all are connected to same bridge virtual Ethernet device, which is fully routed outside = all people in the network WILL be able to connect to your DB. Depends on use case, for home it’s fine but for corporate it’s another attack vector … and accidentally exposing it to outside world …
In this sense you are totally right…
Even though I don’t see any problems with intrusion, not in postgres… but it might be a problem with DDOS or similar attacks…
Then BigSQL should become a rockon. Plus the Apache wirth php (and other stuff).
I will have to learn how to create them.
when databases are accessible from corporate network, attackers usually overload the database with malformed logins, corrupt wins / netbios / active directory / any form of local network name lookup and divert server name to outside world, then when somebody that is supposed to use this database - performs a login and passes on credentials to a spoofed server outside of your network - now attacker has a login / password (which usually by lazy admins matches the root password). Scary simple way to overtake a network
For that you have to know the design of some ones network, nowadays people don’t give out passwords that easily over the phone (as they used to back in the day), but you can perfectly pretend that you need to know IP addresses of printers (those security is like Swiss cheese) and build your attack from there.