Discussion:
Anyone know a good opensource CRM that actually installs with Posgtres?
Bradley Kieser
2007-03-09 01:22:22 UTC
Permalink
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!

I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.

vTiger is also mySQL-centric.

I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too
much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and
frustration. centric CRM is no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.

XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I
spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.

XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.

Compiere doesn't support PG.

OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.

I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.

So if anyone has actually cracked this, please let me know! I really
need a good CRM.

It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.


Thanks,

Brad

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Brent Wood
2007-03-09 02:26:39 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a
brick wall the entire week and after 3 all-nighters with bad
installations, I would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
Not a recommendation, coz I haven't actually used it, but you might try
Drupal, if you haven't already. I've seen Drupal work OK, & it claims to
support Postgres.


Brent Wood
Post by Bradley Kieser
vTiger is also mySQL-centric.
I thought that I had a corker of a system with "centricCRM" but when
it came to actually installing it, I am 48 hours down and hacking
through screen after screen of installation errors. Basically, it
relies way too much on ant and Java tools. Nothing against Java but my
experience with ant used for installing PG schemas is a dismal track
record of error and frustration. centric CRM is no exception. Frankly,
it just doesn't work and after trying to hack out the ant into a PG
script I have decided to give it up as a bad job.
XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again,
I spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.
XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.
Compiere doesn't support PG.
OpenTAPS the demo won't even work. And it's US-centric whereas we are
in the UK. A pity that it's so very much tied to the US as it could be
very good.
I have tried numerous other CRMs but all the same - either don't run
on PG, claim to but in reality don't or are simply pre-Alpha and not
ready for production use.
So if anyone has actually cracked this, please let me know! I really
need a good CRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse
software so we need to be able to customise the code.
Thanks,
Brad
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
Steve Atkins
2007-03-09 02:41:15 UTC
Permalink
Post by Brent Wood
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a
brick wall the entire week and after 3 all-nighters with bad
installations, I would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-
centric and its opensource parts are very restricted.
Not a recommendation, coz I haven't actually used it, but you might
try Drupal, if you haven't already. I've seen Drupal work OK, & it
claims to support Postgres.
It's not a CRM, though.

Last time I looked, about a year ago, I came to the same conclusion
as the OP.

There are at least some excellent commercial CRMs that support
postgresql, so there's no reason why the open source ones shouldn't,
other than the whole open-source / PHP / MySQL hack mindset. That and
the whole mysql installed base issue.

Cheers,
Steve

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq
Kenneth Downs
2007-03-09 02:38:38 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a
brick wall the entire week and after 3 all-nighters with bad
installations, I would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
Bradley, I've got about 2.5 out of 3 of what you are looking for,
perhaps it might work out for you. We have a GPL database application
framework that we have used for a handful of CRM-style applications
(links below). It runs on Postgres, is completely GPL, and is written
in PHP.

Now the bad news :)

We have only crude CRM stuff, and you may end up having to put more into
this area than you want to. As I said, we use it ourselves for some
stuff, but our needs are simple in that area. Its primary purpose is
high-powered business database apps.

Now on the third hand, we have a pure business app for Medical Practice
Management and we are about to add the CRM to it so that the
scheduling/billing database also serves the doctor's public website,
doing things like showing schedules, listing active insurances and other
nifty stuff like that. And of course the doc can enter new articles.
We think its really cool to be able to integrate CRM with business this way.

The only other bad news is that it is Linux only. It has been installed
on Mac but nobody here can support you with that. In principle it can
run on Windows because Apache, PHP and Postgres run on windows, but
again, you'd become the guy I send other people to once you get it going :)

Here are three CRM sites running it. They are my company site, the
project site itself, and a site for a rental home:

www.secdat.com
www.andromeda-project.org
www.manisteeforestretreat.com

The middle one is the actual project, its got some docs, some tutorials,
and a link to the sourceforge download.

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Ron Johnson
2007-03-09 04:12:47 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/08/07 20:38, Kenneth Downs wrote:
[snip]
Post by Kenneth Downs
Management and we are about to add the CRM to it so that the
scheduling/billing database also serves the doctor's public website,
Is that wise? One bug and a cracker is poking around some very
private stuff!!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF8N6/S9HxQb37XmcRAsgfAKCq5hSw1XpU+piaL2RBoihoPTMfZwCdG5D3
YndimzGriPXUM49P9b596og=
=wU1C
-----END PGP SIGNATURE-----

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ***@postgresql.org so that your
message can get through to the mailing list cleanly
Kenneth Downs
2007-03-09 13:08:11 UTC
Permalink
Post by Ron Johnson
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[snip]
Post by Kenneth Downs
Management and we are about to add the CRM to it so that the
scheduling/billing database also serves the doctor's public website,
Is that wise? One bug and a cracker is poking around some very
private stuff!!
We use the "Spartan" security model rather than perimeter defense, which
gives us the confidence to do things that others may not.

The general outline is as follows.

First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person figures
out how our links work and tries to access the "claims" table it will
simply come up blank (and we get an email). The "staff" group has
read/write access to scheduling, and so forth.

Second, the security assignments to tables are generated by a builder,
which revokes and grants all priveleges to all groups on all tables.
This is to prevent the possibility of error or omission if a person
were to implement it table-by-table.

Third, as you probably have guessed, we do not connect to the database
as a super-user and then arbitrate in code. Regular staff connect with
real database accounts and their security in the database is limited to
those accounts. Bugs in code that try to provide unauthorized
information will return server errors. A person with no account, such
as the public user, has the lowest security priveleges, as mentioned above.

Finally, our URL parameter scheme is really very simple and easy to
figure out, we are not hiding it. Anybody trying to get something they
can't would not take long to work it out (especially as the underlying
tools are GPL), they would simply find it did them no good.

It is good to be very concerned about security, especially HIPPA, where
there are legal ramifications. It is also very good to be able to
provide convenience and security in one package.
Karsten Hilbert
2007-03-09 15:25:11 UTC
Permalink
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person figures
out how our links work and tries to access the "claims" table it will
simply come up blank (and we get an email).
How ?

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Kenneth Downs
2007-03-09 16:02:45 UTC
Permalink
Post by Karsten Hilbert
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person figures
out how our links work and tries to access the "claims" table it will
simply come up blank (and we get an email).
How ?
Karsten
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.

The column-level security is important, as you don't want anybody seeing
the provider id!

If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
Kevin Hunter
2007-03-09 16:29:28 UTC
Permalink
Post by Kenneth Downs
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person
figures out how our links work and tries to access the "claims" table
it will simply come up blank (and we get an email).
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
Huh. Does that imply that the web framework still holds a number of
different DB credentials? Or does each user need to supply their
specific DB credentials as their authentication so the web framework is
merely a proxy to the DB?

(Having recently discovered a major security oversight in one of my
employer's webapps, my mind's hot on this kind of thing.)

Kevin

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Bill Moran
2007-03-09 16:36:08 UTC
Permalink
Post by Kevin Hunter
Post by Kenneth Downs
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person
figures out how our links work and tries to access the "claims" table
it will simply come up blank (and we get an email).
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
Huh. Does that imply that the web framework still holds a number of
different DB credentials? Or does each user need to supply their
specific DB credentials as their authentication so the web framework is
merely a proxy to the DB?
(Having recently discovered a major security oversight in one of my
employer's webapps, my mind's hot on this kind of thing.)
What's hot in my mind is "how do you securely maintain the database connection
information between page loads?"
--
Bill Moran
http://www.potentialtech.com

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org/
Kenneth Downs
2007-03-09 17:33:45 UTC
Permalink
Post by Bill Moran
Post by Kevin Hunter
Post by Kenneth Downs
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
Huh. Does that imply that the web framework still holds a number of
different DB credentials? Or does each user need to supply their
specific DB credentials as their authentication so the web framework is
merely a proxy to the DB?
(Having recently discovered a major security oversight in one of my
employer's webapps, my mind's hot on this kind of thing.)
What's hot in my mind is "how do you securely maintain the database connection
information between page loads?"
I suppose we could ask JP Morgan Chase bank what they do. As I
mentioned to Kevin, sooner or later the security implementation comes
down to sessions, the user's protection of their password, whether to
use certificates, whether to use dongles, etc.
Kenneth Downs
2007-03-09 17:31:16 UTC
Permalink
Post by Kevin Hunter
Post by Kenneth Downs
If a user has not logged in, that is, if they are an anonymous
visitor, the web framework will connect to the database as the
default "public" user. Our system is deny-by-default, so this user
cannot actually read from any table unless specifically granted
permission. In the case being discussed, the public user is given
SELECT permission on some columns of the insurance carriers table,
and on the schedules table.
Huh. Does that imply that the web framework still holds a number of
different DB credentials? Or does each user need to supply their
specific DB credentials as their authentication so the web framework
is merely a proxy to the DB?
Yes, exactly, the web framework can be thought of as a proxy, it is
connecting to the DB using credentials provided by the user.

Which, I will take pains to point out, is far far superior to having it
connect as a super-user and then trusting that the code is bug-free.
Ouch, I don't even want to think about that one.

But anyway, once we arrive at this point you arrive at the standard
questions surrounding session security and the possible use of
certificates. The system is now as secure as your user's password
habits and your server's general security.



---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Karsten Hilbert
2007-03-09 16:45:28 UTC
Permalink
Post by Kenneth Downs
Post by Kenneth Downs
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person figures
out how our links work and tries to access the "claims" table it will
simply come up blank (and we get an email).
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
Post by Kenneth Downs
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
The column-level security is important, as you don't want anybody seeing
the provider id!
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
My interest was more towards the "we get an email" part.
What level do you send that from ? A trigger ?

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Kenneth Downs
2007-03-09 17:22:19 UTC
Permalink
Post by Karsten Hilbert
Post by Kenneth Downs
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
My interest was more towards the "we get an email" part.
What level do you send that from ? A trigger ?
The web framework does that. The web framework decodes the HTTP request
and executes any SQL it thinks the user wants. If there is a
permissions error then it sends an email to the administrator.

The underlying idea is that the GET/POST parameters are pretty standard
and easy to decode and convert into SQL commands. For instance, by
default we assume a page = a table, and lacking any code that overrides
that assumption, a request for a page becomes a search request in the
table of the same name. This is the first thing a cracker would depend
upon if he were trying to pry.
Karsten Hilbert
2007-03-09 21:31:36 UTC
Permalink
Post by Kenneth Downs
Post by Karsten Hilbert
My interest was more towards the "we get an email" part.
What level do you send that from ? A trigger ?
The web framework does that.
I see. IOW if a violation happens below the web layer the
e-mail doesn't get send. I thought you had maybe written a
trigger to do it in, say, pl/Perl or so.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Martin Gainty
2007-03-09 17:30:26 UTC
Permalink
Karsten-
You would need some manner of DML operation to take place (in this way the DB trigger could sense the change in DB state to activate e-mail)
Otherwise you could do so at your Webapp login
Does this answer your question?
Tak
Martin--
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited.
---------------------------------------------------------------------------
Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire.
----- Original Message -----
From: "Karsten Hilbert" <***@gmx.net>
To: <pgsql-***@postgresql.org>
Sent: Friday, March 09, 2007 11:45 AM
Subject: Re: HIPPA (was Re: [GENERAL] Anyone know ...)
Post by Karsten Hilbert
Post by Kenneth Downs
Post by Kenneth Downs
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person figures
out how our links work and tries to access the "claims" table it will
simply come up blank (and we get an email).
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
Post by Kenneth Downs
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
The column-level security is important, as you don't want anybody seeing
the provider id!
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
My interest was more towards the "we get an email" part.
What level do you send that from ? A trigger ?
Karsten
--
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/fa
Ron Johnson
2007-03-09 16:57:09 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Kenneth Downs
Post by Karsten Hilbert
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person
figures out how our links work and tries to access the "claims" table
it will simply come up blank (and we get an email).
How ?
Karsten
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
The column-level security is important, as you don't want anybody seeing
the provider id!
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
What about an SQL injection bug that allows for increased privileges?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF8ZHlS9HxQb37XmcRAjTMAKDSBDYYmTt9/ivGtl59YtITz5Lb4ACffLzQ
MlCCcfGd5sS3aNhtgDrd+rA=
=cwTh
-----END PGP SIGNATURE-----

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org/
Kenneth Downs
2007-03-09 17:27:12 UTC
Permalink
Post by Ron Johnson
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Kenneth Downs
Post by Karsten Hilbert
Post by Kenneth Downs
First, security is defined directly in terms of tables, it is not
arbitrated by code. The "public" group has SELECT access to the
articles table and the schedules tables, that's it. If a person
figures out how our links work and tries to access the "claims" table
it will simply come up blank (and we get an email).
How ?
Karsten
If a user has not logged in, that is, if they are an anonymous visitor,
the web framework will connect to the database as the default "public"
user. Our system is deny-by-default, so this user cannot actually read
from any table unless specifically granted permission. In the case
being discussed, the public user is given SELECT permission on some
columns of the insurance carriers table, and on the schedules table.
The column-level security is important, as you don't want anybody seeing
the provider id!
If the user figures out our URL scheme, they might try something like
"?gp_page=patients" and say "Wow I'm clever I'm going to look at the
patients table", except that the public user has no privilege on the
table. The db server will throw a permission denied error.
What about an SQL injection bug that allows for increased privileges?
Um, web programming 101 is that you escape quotes on user-supplied
inputs. That ends SQL injection.

After that, as stated above, anything the user attempts is executed at
his privilege level. For an anonymous user, that's the lowest.

The biggest security limitation we have is actually a weakness in
Postgres - the inability to restrict the abilities of a user with
CREATUSER rights, they can make somebody who can do anything. For
higher security this requires no ability for public registration of
accounts. This would be solved if we could restrict a CREATUSER user to
only GRANTing to roles they themselves are in.
Kevin Hunter
2007-03-09 18:42:35 UTC
Permalink
Post by Kenneth Downs
Post by Ron Johnson
What about an SQL injection bug that allows for increased privileges?
Um, web programming 101 is that you escape quotes on user-supplied
inputs. That ends SQL injection.
Pardon my naivete (I'm fairly new to web/DB programming) . . . is this
the current standard method of protection from SQL injection? How does
it compare to SQL preparation with bound variables?

Kevin

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Kenneth Downs
2007-03-09 18:53:15 UTC
Permalink
Post by Kevin Hunter
Post by Kenneth Downs
Post by Ron Johnson
What about an SQL injection bug that allows for increased privileges?
Um, web programming 101 is that you escape quotes on user-supplied
inputs. That ends SQL injection.
Pardon my naivete (I'm fairly new to web/DB programming) . . . is this
the current standard method of protection from SQL injection? How
does it compare to SQL preparation with bound variables?
When you use SQL Prepared statements it is normal for the db driver to
escape out the variables for you. Well at least it is in PHP, I can't
say for other systems.
Post by Kevin Hunter
Kevin
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Tom Lane
2007-03-10 02:04:40 UTC
Permalink
Post by Kenneth Downs
The biggest security limitation we have is actually a weakness in
Postgres - the inability to restrict the abilities of a user with
CREATUSER rights, they can make somebody who can do anything. For
higher security this requires no ability for public registration of
accounts. This would be solved if we could restrict a CREATUSER user to
only GRANTing to roles they themselves are in.
I thought about this for awhile, but I think you are missing the reason
why it's designed the way it is. The point of CREATEROLE privilege is
to be a slightly safer form of superuser: that is, to allow the DBA to
do all his day-to-day management of user accounts without being a real
superuser who can corrupt the database arbitrarily badly. If we
restricted CREATEROLE as you suggest, then either DBAs would have to
make their CREATEROLE account a member of every role they manage, or
they'd have to run as real superusers. Either choice represents a
significant increase in the capabilities of the CREATEROLE account and
thus more chance for mistakes. So while a miscreant with CREATEROLE
can certainly avail himself of any database privilege short of
superuserness, in the intended use of the feature it is actually
possible for DBAs to operate with *fewer* privileges than they would
need to get useful work done if we adopted your suggestion.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Kenneth Downs
2007-03-10 15:12:17 UTC
Permalink
Post by Tom Lane
Post by Kenneth Downs
The biggest security limitation we have is actually a weakness in
Postgres - the inability to restrict the abilities of a user with
CREATUSER rights, they can make somebody who can do anything. For
higher security this requires no ability for public registration of
accounts. This would be solved if we could restrict a CREATUSER user to
only GRANTing to roles they themselves are in.
I thought about this for awhile, but I think you are missing the reason
why it's designed the way it is. The point of CREATEROLE privilege is
to be a slightly safer form of superuser: that is, to allow the DBA to
do all his day-to-day management of user accounts without being a real
superuser who can corrupt the database arbitrarily badly. If we
restricted CREATEROLE as you suggest, then either DBAs would have to
make their CREATEROLE account a member of every role they manage, or
they'd have to run as real superusers. Either choice represents a
significant increase in the capabilities of the CREATEROLE account and
thus more chance for mistakes. So while a miscreant with CREATEROLE
can certainly avail himself of any database privilege short of
superuserness, in the intended use of the feature it is actually
possible for DBAs to operate with *fewer* privileges than they would
need to get useful work done if we adopted your suggestion.
Tom, it sounds like you've thought this through, and I can't disagree
with the reality of what DBA's are doing, but does it have to be one or
the other?

Perhaps a lesser form of CREATEROLE, CREATEROLE_LIMITED, who can create
roles and only grant to the roles he himself is a member of.

This suggestion I think would be in line with your own reasoning. Just
as CREATEROLE is a lesser SUPERUSER, so CREATEROLE_LIMITED is the next
logical extension, a lesser CREATEROLE.

At any rate, I hope I can convince somebody, cuz ole Ken don't code in C
no more :)
Tom Lane
2007-03-10 17:23:51 UTC
Permalink
Post by Kenneth Downs
Perhaps a lesser form of CREATEROLE, CREATEROLE_LIMITED, who can create
roles and only grant to the roles he himself is a member of.
You can make that out of spare parts today, by granting non-superusers
execute rights on functions that create users.

regression=# create or replace function makeuser(text) returns void as $$
begin
execute 'create role ' || quote_ident($1) || ' login';
end$$ language plpgsql security definer;
CREATE FUNCTION
regression=# revoke all on function makeuser(text) from public;
REVOKE
regression=# create user joe;
CREATE ROLE
regression=# grant execute on function makeuser(text) to joe;
GRANT
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> create user foo;
ERROR: permission denied to create role
regression=> select makeuser('foo');
makeuser
----------

(1 row)

regression=> \c - foo
You are now connected to database "regression" as user "foo".
regression=>

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Kenneth Downs
2007-03-10 17:26:43 UTC
Permalink
Awesome! That never occurred to me. This is really cool.
Post by Tom Lane
Post by Kenneth Downs
Perhaps a lesser form of CREATEROLE, CREATEROLE_LIMITED, who can create
roles and only grant to the roles he himself is a member of.
You can make that out of spare parts today, by granting non-superusers
execute rights on functions that create users.
regression=# create or replace function makeuser(text) returns void as $$
begin
execute 'create role ' || quote_ident($1) || ' login';
end$$ language plpgsql security definer;
CREATE FUNCTION
regression=# revoke all on function makeuser(text) from public;
REVOKE
regression=# create user joe;
CREATE ROLE
regression=# grant execute on function makeuser(text) to joe;
GRANT
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> create user foo;
ERROR: permission denied to create role
regression=> select makeuser('foo');
makeuser
----------
(1 row)
regression=> \c - foo
You are now connected to database "regression" as user "foo".
regression=>
regards, tom lane
David Legault
2007-03-10 19:01:17 UTC
Permalink
That's basically what I've done with my past questions on the ROLE system in
place. Since roles are global, I wanted it fine grained to the DB level so I
had to append DB_ in front of each role name and by using current_database()
inside my functions, I could hide that from the exterior.

Now I have a web administration panel that can let me administer users and
groups. Functions are synced with app permissions and given to groups only.
Then users are assigned to groups to give them their app permissions + db
function permissions. I had to create a couple extra tables to do the sync
between app permissions (view page X, do action Y) and the functions needed
for each of these app permission combos.

Users of my products will now be able to control all the users via that
panel, it also removes any superuser credentials on the app level as now the
DB users are used for the web app login too.

I'm very pleased to have learned this new database and its incorporation in
my apps and future apps.

David
Post by Kenneth Downs
Awesome! That never occurred to me. This is really cool.
Perhaps a lesser form of CREATEROLE, CREATEROLE_LIMITED, who can create
roles and only grant to the roles he himself is a member of.
You can make that out of spare parts today, by granting non-superusers
execute rights on functions that create users.
regression=# create or replace function makeuser(text) returns void as $$
begin
execute 'create role ' || quote_ident($1) || ' login';
end$$ language plpgsql security definer;
CREATE FUNCTION
regression=# revoke all on function makeuser(text) from public;
REVOKE
regression=# create user joe;
CREATE ROLE
regression=# grant execute on function makeuser(text) to joe;
GRANT
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> create user foo;
ERROR: permission denied to create role
regression=> select makeuser('foo');
makeuser
----------
(1 row)
regression=> \c - foo
You are now connected to database "regression" as user "foo".
regression=>
regards, tom lane
Alvaro Herrera
2007-03-10 20:14:33 UTC
Permalink
Post by David Legault
That's basically what I've done with my past questions on the ROLE system in
place. Since roles are global, I wanted it fine grained to the DB level so I
had to append DB_ in front of each role name and by using current_database()
inside my functions, I could hide that from the exterior.
Hmm, there used to be a facility to restrict users to specific
databases, enabled by db_user_namespace (not by default).

It seems to still work on 8.2 ...
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org/
Kenneth Downs
2007-03-10 20:21:41 UTC
Permalink
Post by Alvaro Herrera
Post by David Legault
That's basically what I've done with my past questions on the ROLE system in
place. Since roles are global, I wanted it fine grained to the DB level so I
had to append DB_ in front of each role name and by using current_database()
inside my functions, I could hide that from the exterior.
Hmm, there used to be a facility to restrict users to specific
databases, enabled by db_user_namespace (not by default).
It seems to still work on 8.2 ...
there is also the 'samegroup' facility in pg_hba.conf. We create a
group named after each database, and a person cannot get into a database
unless they are in that group.
David Legault
2007-03-10 21:45:41 UTC
Permalink
Post by David Legault
That's basically what I've done with my past questions on the ROLE system in
place. Since roles are global, I wanted it fine grained to the DB level so I
had to append DB_ in front of each role name and by using current_database()
inside my functions, I could hide that from the exterior.
Hmm, there used to be a facility to restrict users to specific
databases, enabled by db_user_namespace (not by default).
I tried this, but couldn't achieve what I wanted with it, it's also marked
as "temp stuff could change in the future".

It seems to still work on 8.2 ...
Post by David Legault
there is also the 'samegroup' facility in pg_hba.conf. We create a group
named after each database, and a person cannot get into a database unless
they are in that group.
I append the name of the DB on front of the roles and it works flawlessly,
you can't have 2 DB with the same name in the cluster. It's also transparent
to the application since the functions to interact with the roles + other
tables use current_database() which gets the name of the DB to which the
groups are assigned.

All databases are REVOKED from public as all functions. When a user is
created he is granted connect on the database to which he belongs. So even
if someone gets the credentials to db1_user and attempts to connect to db2
with it it will fail.

David
Craig White
2007-03-09 06:02:24 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
vTiger is also mySQL-centric.
I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too
much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and
frustration. centric CRM is no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.
XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I
spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.
XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.
Compiere doesn't support PG.
OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.
I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.
So if anyone has actually cracked this, please let me know! I really
need a good CRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.
----
my experience with CRM stuff is that the general CRM application never
does what you want and you are going to have to hack it no matter what.
If you are comfortable with going PHP, you just download sugarcrm or
vtiger or whatever comes closest to your vision of your needs and hack
away from there.

Myself, I am very much enthralled with Ruby on Rails and see it as an
amazingly rapid development system and have been writing everything from
scratch for our non-profit.

Craig


---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Mario Guenterberg
2007-03-09 08:10:27 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
Hi...

lxOffice runs with PostgreSQL.

http://www.lx-office.org

regards
Mario
--
-----------------------------------------------------
| havelsoft.com - Ihr Service Partner für Open Source |
| Tel: 033876-21 966 |
| Notruf: 0173-277 33 60 |
| http://www.havelsoft.com |
| |
| Inhaber: Mario Günterberg |
| Mützlitzer Strasse 19 |
| 14715 Märkisch Luch |
-----------------------------------------------------
John Sidney-Woollett
2007-03-09 08:32:02 UTC
Permalink
centric crm works with postgres

John
Post by Mario Guenterberg
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
Hi...
lxOffice runs with PostgreSQL.
http://www.lx-office.org
regards
Mario
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Walter Vaughan
2007-03-09 13:57:10 UTC
Permalink
Post by Bradley Kieser
I am looking for a decent OpenSource CRM system that will run with
Postgres.
OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.
What actually didn't work with OpenTaps? "OpenTaps" is additional modules that
work with the Apache Open For Business project core product.

What functions that SugarCRM supply that you need in OpenTaps? We are funding
($$,$$$ USD) a lot of changes right now in OpenTaps and OFBiz, and perhaps you
could let me know where the feature gap is so that I don't end up with a "I
can't believe we forgot about that".

--
Walter

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Sven Willenberger
2007-03-09 19:24:48 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
vTiger is also mySQL-centric.
I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too
much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and
frustration. centric CRM is no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.
XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I
spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.
XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.
Compiere doesn't support PG.
OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.
I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.
So if anyone has actually cracked this, please let me know! I really
need a good CRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.
Stumbled across this one: http://www.hipergate.org/ which appears to be
crm and groupware that works with postgresql (requires version 8.x so it
appears to be relatively up to date development-wise). It is java based
apparently so it may not be so palatable for you.


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ***@postgresql.org so that your
message can get through to the mailing list cleanly
Brandon Aiken
2007-03-09 19:35:23 UTC
Permalink
Why is running on PG so important? Why not look for the best CRM
application for your user's needs?

--
Brandon Aiken
CS/IT Systems Engineer

-----Original Message-----
From: pgsql-general-***@postgresql.org
[mailto:pgsql-general-***@postgresql.org] On Behalf Of Bradley Kieser
Sent: Thursday, March 08, 2007 8:22 PM
To: pgsql-***@postgresql.org
Subject: [GENERAL] Anyone know a good opensource CRM that actually
installs with Posgtres?

I hope that someone has cracked this one because I have run into a brick

wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!

I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.

vTiger is also mySQL-centric.

I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too

much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and

frustration. centric CRM is no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.

XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I

spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.

XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.

Compiere doesn't support PG.

OpenTAPS the demo won't even work. And it's US-centric whereas we are in

the UK. A pity that it's so very much tied to the US as it could be very

good.

I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.

So if anyone has actually cracked this, please let me know! I really
need a good CRM.

It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software

so we need to be able to customise the code.


Thanks,

Brad

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match


--------------------------------------------------------------------
** LEGAL DISCLAIMER **
Statements made in this e-mail may or may not reflect the views and
opinions of Wineman Technology, Inc. or its employees.

This e-mail message and any attachments may contain legally privileged,
confidential or proprietary information. If you are not the intended
recipient(s), or the employee or agent responsible for delivery of
this message to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this e-mail
message is strictly prohibited. If you have received this message in
error, please immediately notify the sender and delete this e-mail
message from your computer.

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ***@postgresql.org so that your
message can get through to the mailing list cleanly
Merlin Moncure
2007-03-09 19:47:55 UTC
Permalink
Post by Brandon Aiken
Why is running on PG so important? Why not look for the best CRM
application for your user's needs?
probably because he wants to interface his own systems on it that are
already running on postgresql.

merlin

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq
Steve Atkins
2007-03-09 20:19:23 UTC
Permalink
Post by Brandon Aiken
Why is running on PG so important? Why not look for the best CRM
application for your user's needs?
There can be many reasons - mostly related to the fact that the
business needs are at least as important, if not more so, than
the user needs.

Running a second corporate database doubles DBA
and sysadmin overhead (let alone the amount of learning needed
to support it effectively, including maintenance, tuning, backup,
disaster recovery, security, updates...).

Also, I wouldn't want any business-critical CRM data on a database
I didn't trust to not lose or corrupt it. I'm still undecided on whether
I trust databases beginning with "M" that much, and I'm certainly
not as confident in them as I am in PG. I quite like SugarCRM, but
I'm not ready to rely on it, mostly for this reason.

Because I may want to modify it to meet my needs (which also
answers the "why open source rather than proprietary?" question),
which requires an even more intimate knowledge of the quirks of
the database than basic maintenance.

Cheers,
Steve


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
syaskin
2007-05-05 03:07:17 UTC
Permalink
Why is running on PG so important? Why not look for the bestCRM
application for your user's needs?
--
Brandon Aiken
CS/IT Systems Engineer
-----Original Message-----
Sent: Thursday, March 08, 2007 8:22 PM
Subject: [GENERAL] Anyone know a good opensourceCRMthat actually
installs with Posgtres?
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSourceCRMsystem that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
vTiger is also mySQL-centric.
I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too
much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and
frustration. centricCRMis no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.
XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I
spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.
XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.
Compiere doesn't support PG.
OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.
I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.
So if anyone has actually cracked this, please let me know! I really
need a goodCRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.
Thanks,
Brad
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
--------------------------------------------------------------------
** LEGAL DISCLAIMER **
Statements made in this e-mail may or may not reflect the views and
opinions of Wineman Technology, Inc. or its employees.
This e-mail message and any attachments may contain legally privileged,
confidential or proprietary information. If you are not the intended
recipient(s), or the employee or agent responsible for delivery of
this message to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this e-mail
message is strictly prohibited. If you have received this message in
error, please immediately notify the sender and delete this e-mail
message from your computer.
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
message can get through to the mailing list cleanly- Hide quoted text -
- Show quoted text -
Take a look at QueWeb from Queplix. It is mostly for Service/support
and Customer Care, limited SFA, as Queplix does not focus on sales but
rather on post-sales processes. It has an enterprise and OSS versions
(GPL license). Enterprise is run by many Fortune-500. OSS version is
posted on code.google.com/hosting. Look it up there. It is J2EE based.
Enterprise version works with all major databases (and PG), however
the OSS version comes with installer for JBoss and MySQL only.


---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq
Frank Finner
2007-05-07 18:27:33 UTC
Permalink
You mention Compier not running on PG. Did you look ad ADempiere (http://www.adempiere.com/)? Its a fork of Compiere which claims to run especially with PG (though I did not yet have the time to test it).

Regards, Frank.
Post by syaskin
Why is running on PG so important? Why not look for the bestCRM
application for your user's needs?
--
Brandon Aiken
CS/IT Systems Engineer
-----Original Message-----
Sent: Thursday, March 08, 2007 8:22 PM
Subject: [GENERAL] Anyone know a good opensourceCRMthat actually
installs with Posgtres?
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSourceCRMsystem that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
vTiger is also mySQL-centric.
I thought that I had a corker of a system with "centricCRM" but when it
came to actually installing it, I am 48 hours down and hacking through
screen after screen of installation errors. Basically, it relies way too
much on ant and Java tools. Nothing against Java but my experience with
ant used for installing PG schemas is a dismal track record of error and
frustration. centricCRMis no exception. Frankly, it just doesn't work
and after trying to hack out the ant into a PG script I have decided to
give it up as a bad job.
XRMS promises to run on PG but... it doesn't. The core system is fine,
but useless without the plugins. The Plugins are mySQL-specific again, I
spent several all-nighters previously hacking through installation
screens attempting to convert mysql to PG, making software patches...
you get the picture.
XLSuite looks very promising. Awesome interface, looks great... only
it's just not ready yet. It is a year away from being at full PG
production level.
Compiere doesn't support PG.
OpenTAPS the demo won't even work. And it's US-centric whereas we are in
the UK. A pity that it's so very much tied to the US as it could be very
good.
I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.
So if anyone has actually cracked this, please let me know! I really
need a goodCRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.
Thanks,
Brad
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
--------------------------------------------------------------------
** LEGAL DISCLAIMER **
Statements made in this e-mail may or may not reflect the views and
opinions of Wineman Technology, Inc. or its employees.
This e-mail message and any attachments may contain legally privileged,
confidential or proprietary information. If you are not the intended
recipient(s), or the employee or agent responsible for delivery of
this message to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this e-mail
message is strictly prohibited. If you have received this message in
error, please immediately notify the sender and delete this e-mail
message from your computer.
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
message can get through to the mailing list cleanly- Hide quoted text -
- Show quoted text -
Take a look at QueWeb from Queplix. It is mostly for Service/support
and Customer Care, limited SFA, as Queplix does not focus on sales but
rather on post-sales processes. It has an enterprise and OSS versions
(GPL license). Enterprise is run by many Fortune-500. OSS version is
posted on code.google.com/hosting. Look it up there. It is J2EE based.
Enterprise version works with all major databases (and PG), however
the OSS version comes with installer for JBoss and MySQL only.
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
--
Frank Finner

Invenius - Lösungen mit Linux
Köpfchenstraße 36
57072 Siegen
Telefon: 0271 231 8606 Mail: ***@invenius.de
Telefax: 0271 231 8608 Web: http://www.invenius.de
Key fingerprint = 90DF FF40 582E 6D6B BADF 6E6A A74E 67E4 E788 2651
Richard P. Welty
2007-05-08 00:33:56 UTC
Permalink
Post by Frank Finner
You mention Compier not running on PG. Did you look ad ADempiere (http://www.adempiere.com/)? Its a fork of Compiere which claims to run especially with PG (though I did not yet have the time to test it).
i did a test install of Adempiere against PostgreSQL on a FC5 box a
while back.

the installation process is kind of a pain, the docs aren't real good,
but eventually i did get a reasonably functional version of Adempiere
working. It all pretty much seemed to be there.

richard


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Mariano Mara
2007-05-08 03:06:58 UTC
Permalink
Post by Richard P. Welty
Post by Frank Finner
You mention Compier not running on PG. Did you look ad ADempiere
(http://www.adempiere.com/)? Its a fork of Compiere which claims to
run especially with PG (though I did not yet have the time to test it).
i did a test install of Adempiere against PostgreSQL on a FC5 box a
while back.
the installation process is kind of a pain, the docs aren't real good,
but eventually i did get a reasonably functional version of Adempiere
working. It all pretty much seemed to be there.
richard
I second Frank on this: Adempiere is starting to be really PostgreSQL
oriented (they started with Oracle). You can reach the Adempiere
developers at #adempiere in irc.freenode.org. Maybe they don't mind a
few questions.




---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

lneves
2007-03-09 08:14:00 UTC
Permalink
Hello,
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
[...]
Post by Bradley Kieser
Compiere doesn't support PG.
You could checkout Adempiere wich is a fork of Compiere:
<http://www.adempiere.com/>

They claim to support PG and they are actively improving on that:
<http://www.adempiere.com/wiki/index.php/Release_315>

Download location:
<http://sourceforge.net/project/showfiles.php?group_id=176962&package_id=207834>
Post by Bradley Kieser
I have tried numerous other CRMs but all the same - either don't run on
PG, claim to but in reality don't or are simply pre-Alpha and not ready
for production use.
On the surface Adempiere seems to meet your requirements but I never used it so I
can't tell if its another dead end.

--
Luis Neves


---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Rich Shepard
2007-03-10 15:59:49 UTC
Permalink
Post by lneves
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
<http://www.adempiere.com/>
I'll look at this, too.

Last year I spent a lot of time seeking a CRM (for sales, not web site
content) that worked with postgres and ended up frustrated. XRMS is supposed
to (it's written in PHP and uses the ADODB interface layer, but since the
company officially supports only mysql, they have too much mysql-specific
code in there.)

Then there's ZohoCRM, which _does_ use postgres. But, it will work only
with the 8.0.x version they provide. That means we'd have to have both our
current versions and a second full installation of an older version to run
their software.

I wrote to Zoho about this. Did not get a response. Weeks later I received
an e-mail from someone there asking about my experiences with it. My
response was that I could not install it because no one there told me how to
modify it to use my existing postgres installation. No response to that,
either. I suppose I could look at the code, but I have to spend my time on
my own business and not figure out how to make someone else's project work
here. Why they welded the application to a specific postgres version that
must be installed from their web site I've no idea. Doesn't make any sense
to me.

Rich
--
Richard B. Shepard, Ph.D. | The Environmental Permitting
Applied Ecosystem Services, Inc. | Accelerator(TM)
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
Bricklen Anderson
2007-03-12 20:33:23 UTC
Permalink
Post by Bradley Kieser
I hope that someone has cracked this one because I have run into a brick
wall the entire week and after 3 all-nighters with bad installations, I
would appreciate hearing from others!
I am looking for a decent OpenSource CRM system that will run with
Postgres. SugarCRM seems to be the most popular but it's MySQL-centric
and its opensource parts are very restricted.
<snip>
Post by Bradley Kieser
So if anyone has actually cracked this, please let me know! I really
need a good CRM.
It has to be OpenSource, not just out of principle, but we need to
integrate it into an existing business with established inhouse software
so we need to be able to customise the code.
Thanks,
Brad
A coworker of mine (Ryley Breiddal) did some coding and testing for the
SugarCRM PostgreSQL port, in conjunction with Jason Felice. We have been
running it for a few months with no major problems.

http://eraserhead.net/sugarsuite-pgpatch/

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
Loading...