After doing an initial installation and setup of PostgreSQL, what is considered "best practice" when it comes to an admin account?
You have the postgres user, of course. Do people set a password on this account and use that for administration purposes both locally and remotely trough tools such as pgadmin?
Or do people create a dedicated account for administration purposes, and only use Postgres locally?
Related
So, I've been looking around for more details, but can't find it.
I have a AWS RDS Postgresql cluster. In the typical sense, when I want to add a login to my database, I use the
create user xxxx with password 'yyy'
then I grant that user access to the tables and other rights.
Now, I tried to add another user with secrets manager linked to this RDS database.
I'm not sure what to do next....should that new user I only created in secrets, appear in the login for the database, because I don't see it? How would we grant access to the tables and other things for that user?
I just installed postgresql in Ubuntu 18.04 and been going through the official guide. Things I understand:
The installation comes with the default postgres user
We should not create databases with this default user
Instead we should create a different user
The questions I have are:
Why is this so?
Should the new user name I create be same as my ubuntu user $(whoami) ? Or should it be different ?
Should this new user be a superuser ?
When I have to delete or create databases/tables, do I have to log in to this newly created user or the default postgres user?
You should read the documentation, this is no substitute.
It is ok to use the user postgres to create databases.
Ideally there should be no remote connections with user postgres (block it in pg_hba.conf).
Never let an application connect as superuser.
You should create other database users that are not superusers to create objects and work with them.
The name of the database users has no connection to the name of your operating system users.
For maximum safety, create objects with one user and let your application connect with a different user that has the required permissions on the objects.
I would like to connect to a hosted remote mySQL DB (mariadb 10.1.39). I use the available fusionauth docker images (app and search) from docker hub and the published docker compose file. The db hosting provider does not grant superuser credentials. The assigned user rights should be sufficient to maintain the tables of the schema. Unfortunately, using the docker container mysql superuser credentials seems to be mandatory.
I imported the DB dump of a local (dockerized) mariadb (10.1.40) to the remote db. Username and schema name are the same local and remote. I tried not to provide DATABASE_ROOT_USER with the docker-compose yaml, but this approach ends in maintenance mode.
Is there an approach to connect to a remote mysql db without superuser credentials?
We will be enhancing our automated setup to better support external db service providers. See https://github.com/FusionAuth/fusionauth-issues/issues/95
Your current option is to create the schema manually. https://fusionauth.io/docs/v1/tech/installation-guide/fusionauth-app#advanced-installation
You may also try to use your user credentials in the superuser fields, it may work.
I have several Heroku Postgres databases that I want to access using pgAdmin4. I'm using version 4.2. I used this link to learn how to hide the databases I don't have access to. I have all the databases entered in DB restriction. However when I connect to the Heroku database, only the maintenance account appears in the list of databases. I updated the password file in advanced properties with my .pgpass file. It still only lists the maintenance database.
I've searched here, the Database Administrators Stack Exchange, and the pgAdmin instructions but have not found anything.
I have the following code which connects to a database on my remote server (the connection script resides on the same server):
Database::$ErrorHandle = new PDO('pgsql:host=111.222.33.44;dbname=mydatabase;', 'postgres', 'mypassword', $db_settings);
The problem is I can change the password to be anything at all and the connection is still made! Like seriously what the hell!?!
Can my database be connected to (providing you know the IP and db name) by anyone from a PHP script running on a different server?
How can I enforce passwords, I have looked at the following stack overflow page and did what they said but still no luck:
How to change PostgreSQL user password?
I am running Ubuntu 12.04 server with PHP 5.5 and Apache2
Off course your postgresql database can be properly configured to only connect with authenticated users even certain users (Roles in Postgres) from certain IPs/sockets.
Some considerations:
Do you see data? Or can you just connect to the server? Can you list the databases?
Look at your pg_hba.conf and setup the proper permissions, per role per database per source
Did you grant access to the mydatabase to everyone? Which roles did you grant access?
Does the database have its tables in the public scheme? And granted access to the public?
Yes, with this configuration everyone who knows your IP and database name can connect to your database.