[mythtv] Schema updates

f-myth-users at media.mit.edu f-myth-users at media.mit.edu
Mon Mar 5 07:05:45 UTC 2007 

    > Date: Mon, 05 Mar 2007 00:30:24 -0500
    > From: "Michael T. Dean" <mtdean at thirdcontact.com>

    > On 03/04/2007 08:41 PM, f-myth-users at media.mit.edu wrote:
    > > EVEN IF they
    > > use packages, what prevents someone from installing a too-new package
    > > on a FE and thereby screwing his MBE?  -That- is what I'm trying to
    > > solve here.  (Or, alternatively, someone simply plugs in a new FE
    > > [visiting laptop, new machine, whatever] and forgets/doesn't know that
    > > the FE is running a newer version---wham, the MBE gets irreversibly
    > > updated, forcing updates to all -other- FE's/SBE's.)

    > Trying to be constructive here...  For those who have any fear of an 
    > accidental upgrade as described above (i.e. someone sticks a KnoppMyth 
    > LiveCD into a computer or brings over a laptop with MythTV installed and 
    > it tries to connect to your DB), simply modifying your install to use 
    > anything other than the default DB password will prevent any unwanted DB 
    > upgrades as the new machine--until configured with the other 
    > password--wouldn't have permission to even connect to your DB.

Thanks!  (And I'm sorry for sniping at you -quite- so hard earlier.)

It wasn't 100% clear to me that the "upgrader" would be doing direct
connections to the DB (vs asking the backend to do it), although
Isaac's comments about FE-only systems sure implied it later.

    > Granted, this doesn't solve the problem of accidentally upgrading one of 
    > your own machines you've configured to use the other password, but it's 
    > a start.

Yeah, it's that latter issue that worries me.  We had a "near miss"
here a few months ago (though I'd been worried about it from the
start) where somebody who -did- have authorization to use our backend
(and thus had its IP address and DB password---after all, he was
working with us :) very nearly blew it by running a newer frontend.
And really, it wouldn't have been his fault at all---he'd just
"downloaded Myth" and (almost) tried to run it.  Oops.

[Unless I revved the backend the day a new release came out, there'd
always be a window when that could happen, even if people around here
never used SVN.]

But if we can figure out if there -is- a solution everyone can live
with, that'd be a great start on this issue.

More information about the mythtv-dev mailing list