I have a postgresql 11 instance that need to share with the client, it's ok to let the client do whatever they want except the accounts.
if the client modifies the pg_hba.conf, they can connect without password, is there any way to disable pg_hba, making it no way to connect without password?
PS: the client has the host access
Related
I'm working on many projects simultaneously, and some have some passwords defined as default, which can vary along projects. I've got postgresql installed on my (Ubuntu) laptop and of course I'm only using it locally for devving.
I know it's horribly insecure, but I don't expose postgres remotely. So to make things easier I would like the postgresql server to accept ANY password it is given for the postgres user. Is there any way that I could do this?
Set trust for all you local connections in pg_hba.conf like e.g
local all all trust
After editing, restart the postgresql service.
I can't seem to connect to Cloud SQL with Workbench. I keep getting this error.
Failed to Connect to MySQL at CLOUD-SQL-IPv4:3306 with user root
Access denied for use 'root'#'WHITE-LISTED-IP-ADDRESS' (using password: YES)
I have white listed my IP.
I have set an IP for the SQL instance.
I have checked the username and Password several times.
Any idea why this is happening?
It seems you have to create a new user in the Google Cloud Console with the host name set to %(any host). You can't seem to connect using the root user.
Is it possible to connect with the #root user but after you finish the setup you have to restart the sql server.
What is important to set up an SSL certificate if you connect to you production database, but if you only try it out you can allow unsecured connection. Another important thing is to add your IP to the Authorised Networks in the Connection tab.
I have two databases set up as part of the same Postgresql 9.4 database cluster, and I'm trying to access a table in one of them from the other using a postgres_fdw. I have it all set up and working as a superuser, however when I try to access the foreign table as a normal user, I get the following error:
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
Now I understand that this is because I have the server set up with trust authentication for certain subnets, including Its own. However, in the 1 USER MAPPING I created, I did specify a password, with the hope that doing so would force it to use password authentication. No such luck apparently.
As such, my question is if there is any way around this somewhat onerous requirement? Is there a way to force this connection, or a specific user, or the like to use password authentication? Or some way to disable the requirement? Or is my only option to change the configuration to require passwords, and deal with whatever that breaks?
As Nick Barnes pointed out in a comment, pg_hba allows different authentication rules for specific users. As such, the solution to this issue was to simply create a user specifically for these FDW connections, and set that user in the pg_hba.conf to require a password. That way my trusted web apps on the trusted network can continue connecting as usual, but the FDW can get the password request it requires.
You can't force FDW to use a password: the server on the other end must request the password. the usual default for local socket connections is no password.
Try connecting via TCP instead of using local sockets: add host=localhost to the connection parameters, that will usually fix it.
I have a MySql database that is running on a linux server. The DB is not password encrypted.
I understand that no password != empty password.
I installed mysql workbenck on my windows laptop and am trying to connect to my database. It doesn't allow me to.
Details:
Connection method: Standard (TCP/IP)
Error: Cannot connect to Database server
Your connection attempt failed for user'root' from your host to server at 3306
Host is not allowed to connect to this MySql Server.
I am supposing it might be a windows firewall issue.
Please can somebody help me resolve this.
The error message says it clearly: the machine you are connecting from is not allowed to connect. In a MySQL server you can create users with specific IPs they can connect from. Often only localhost access is enabled (user#localhost or user#127.0.0.1 or user#::1), sometimes anyhost (user#%). In order to connect from your Windows machine your user must either be allowed to connect from any host or you need a specific user for the IP address of your Win machine.
The error because the mysql server is not starting in your computer.so you can start it manually..do the following steps,
1.download and install wamp server according to your bit version(32bit or 64bit) in your computer(http://wampserver-64bit.en.softonic.com/) this link allows you to download wamp server for 64bit.
2.As soon as you install it you can double click and run it..(you can see a icon in the right hand of the taskbar.It may be hide.so you can click the arrow which dhows you the hide apps runing).So click the icon and go to Mysql
3.Then go to Service and there you can find Start/Resume Services click on it..
4.And now it is done.Open mysql workbench and see.It will work..
You should create an specific user for accesing from your laptop:
CREATE USER 'youruser'#'machine.domain.com' IDENTIFIED BY 'your-password';
GRANT ALL PRIVILEGES ON *.* TO 'youruser'#'machine.domain.com' WITH GRANT OPTION;
Or you could create an user for accesing from anywhere
CREATE USER 'new_user'#'%' IDENTIFIED BY 'my-password';
GRANT ALL PRIVILEGES ON *.* TO 'new_user'#'%' WITH GRANT OPTION;
I have a mongodb running in my server, for local connections to the db I don't need any password to protect it(that is within the same physical machine, meaning connect to the server thru the 127.0.0.1 ip address).
But I don't want other people in the network be able connect to my database without password, only the authorized user. So I want to do password protection for the remote user.
How to do it?
Right now monogdb does not support authentication mode based on the user location. So that means if you run mongod with --auth that will apply to everyone.
There are no (yet) advanced authentication schemas like IP, protocol source, etc. For now you can only define if the user has read only or write permissions on a database. So basically the only thing mongodb cares is if you typed the right password for the right user.
Personally in all production environment I would recommend to use the secure mode, because even if you allow only connection from a localhost any users who has access to the local server or any malicious script on the host can easily wipe all your data.
The MongoDB Security and Authentication page has information on configuring user authentication and firewall settings.
Note that when you enable password authentication for a database, the authentication requirement will apply to both local and remote users (so you will also need to connect with a password through the local IP).
MongoDb does not offer an easy way to protect the database. I assume this is the reason why there are tens of thousands of mongodb instances on the net that are unprotected for hackers