I would like to use a service with our Database, but it doesn't support Amazon RDS IAM Database authentication. My plan is to have a mock-database that only has tables it needs from the original postgres DB, and to have a script that refreshes the service's user's password on the real DB every time it expires (15 minutes).
What happens when I call ALTER USER MAPPING on the Foreign User? Does it reconnect to the server with a new username and password?
Yes, when you change the userid or password using ALTER USER MAPPING, it will reconnect the user. It may wait until the user actually requests something to authenticate, but the user will not know the difference.
Related
I created a password manager in flutter, which stores password encrypted passwords in an db. I access this db via the backend, which is written in python. As a user in the app, you are able to set a master password, which after each login is passed to the backend, to encrypt the data. I now want to add sign in with google functionality (firebase authentication), so that you don't need to type in your master password every time. Is it possible to receive something like a key or a token from firebase after each successful google-login which you can use instead of the master password?
I noticed already that there is this uid in the firebase user class (which i receive from FirebaseAuth.instance.signInWithCredencial(google_sign_in_credencial) in the google registration progress) which is unique for every user, but i dont think that this is secure enough to replace this sensitive master password. I also heard from JWT Authorization, but i am not sure, if it's the right thing for that.
I create users or roles with login, but when the user login for the first time in the database, (pgadmin) doesnt ask to change the password.
I need use password expired in the first login, is it posible?
PostgreSQL has no provision for forcing a password change, neither by timeout nor by any other means.
The best you can do is to set a VALID UNTIL on the user and write them an e-mail that they should change the password before the user expires. As soon as they report back, you can remove the VALID UNTIL.
You can set the password to expire as soon as the role is created.
create role testrole2 password 'test' valid until '2019-11-11 15:23:00.533249+00';
https://www.postgresql.org/docs/current/sql-createrole.html
I have a database with an owner for it. My problem is that, though i have assigned a password for the owner, any other db user can access this database locally, even without password.
How can i configure the database so that only a specific user has access to it (only with right password)?
We are using mongodb , and i want to know when the password for my mongodb user expire , is their any way we can check the life time of the password .
Can you please anyone provide any query or command , that we can use to check the password life time for mongodb
If you're referring to username/password for MongoDB Server Authentication, currently there is no expiration time. There is an open tracking ticket SERVER-3197 for a feature to expire passwords after a period of time. Feel free to upvote/watch the ticket for progress update on the ticket.
If you want database users to be able to change their own passwords a custom role needs to be created, see Tutorial: Change Your Password And Custom Data
I have a separate dbusername and dbpassword for each login user in a Play framework Scala application. Login credentials are first checked by against a stored Postgres database username and password. After a successful login it gets the user's dbusername and dbpassword, and connects to the database. How should I store the dbusername and dbpassword after login in the Play framework? Can I use global variables?
To clarify what you are doing here:
You are using Postgres user credentials as your Play application
user credentials.
Database connections are authenticated with the user credentials, so you must be using database access control (i.e. GRANTs) for permissioning.
The first one is fine. The second is not, as it is not compatible with connection pooling. You would have to either: have a private connection pool per user (too many connections to your Postgres server), or open a new connection for every database access (slow). If your application will have more than a few users, I strongly recommend using the default database configuration in Play (single username/password in application.conf), which will use the built-in Play connection pool (i.e. the boneCP plugin). With this configuration, you would have a Postgres username/password for your Play application. You will have to implement permissioning in a different way.
To actually answer your question, here's the way to store information for a logged-in user:
On successful login, store a session id in the Play session (not the user name, the session cookie is not encrypted).
Store the user information in the cache, using the session id as part of the key. The cache is really a big global variable, so you were right about needing that!
For each request, check if the session id is in the session. If not, the user is not logged in, so redirect to the login page. If the session id is valid but not in the cache, the session has expired, so redirect to login.
Update: if you have a small set of database credentials (corresponding to user roles), you can just use normal Play database configuration as follows:
1.In application.conf, create a set of db config settings, one for each role. For example:
db.guest.driver=org.postgres.???
db.guest.url=???
db.guest.user=theguest
db.guest.password=secret
2.At login, look up the user role, and store it in the cached session, as above. Then get the database connection using the connection name, like this:
val role = getRoleFromSession(request) // e.g. role = "guest"
play.api.db.DB.withConnection(role) { implicit c => ... }
You should put the username/passwd into a configuration file, and use com.typesafe.config.ConfigFactory to load that info at runtime.