[mythtv] Schema updates
f-myth-users at media.mit.edu
f-myth-users at media.mit.edu
Mon Mar 5 07:05:45 UTC 2007
> Date: Mon, 05 Mar 2007 00:30:24 -0500
> From: "Michael T. Dean" <mtdean at thirdcontact.com>
> On 03/04/2007 08:41 PM, f-myth-users at media.mit.edu wrote:
> > EVEN IF they
> > use packages, what prevents someone from installing a too-new package
> > on a FE and thereby screwing his MBE? -That- is what I'm trying to
> > solve here. (Or, alternatively, someone simply plugs in a new FE
> > [visiting laptop, new machine, whatever] and forgets/doesn't know that
> > the FE is running a newer version---wham, the MBE gets irreversibly
> > updated, forcing updates to all -other- FE's/SBE's.)
> Trying to be constructive here... For those who have any fear of an
> accidental upgrade as described above (i.e. someone sticks a KnoppMyth
> LiveCD into a computer or brings over a laptop with MythTV installed and
> it tries to connect to your DB), simply modifying your install to use
> anything other than the default DB password will prevent any unwanted DB
> upgrades as the new machine--until configured with the other
> password--wouldn't have permission to even connect to your DB.
Thanks! (And I'm sorry for sniping at you -quite- so hard earlier.)
It wasn't 100% clear to me that the "upgrader" would be doing direct
connections to the DB (vs asking the backend to do it), although
Isaac's comments about FE-only systems sure implied it later.
> Granted, this doesn't solve the problem of accidentally upgrading one of
> your own machines you've configured to use the other password, but it's
> a start.
Yeah, it's that latter issue that worries me. We had a "near miss"
here a few months ago (though I'd been worried about it from the
start) where somebody who -did- have authorization to use our backend
(and thus had its IP address and DB password---after all, he was
working with us :) very nearly blew it by running a newer frontend.
And really, it wouldn't have been his fault at all---he'd just
"downloaded Myth" and (almost) tried to run it. Oops.
[Unless I revved the backend the day a new release came out, there'd
always be a window when that could happen, even if people around here
never used SVN.]
But if we can figure out if there -is- a solution everyone can live
with, that'd be a great start on this issue.
More information about the mythtv-dev
mailing list