The windows ESE engine API call JetAttachDatabase have a readonly option. Can I use this to mount a database that is already mounted by another process?
The answer is almost certainly "no". ESENT databases are single-process only, unless all processes are using the database read-only. The other process has probably attached the database read-write so you won't be able to.
Related
I noticed that the files in the data/ directory, hosting the databases and collections, are the r permission for others.
So basically, anyone can read the data! Isn't it strange, or is it something I'm missing?
I found no solution to change this behavior in the mondodb configuration (ubuntu 18.04). When you search mongodb file permissions, you will find threads about user permissions inside the database.
Thank you!
Im going to assume you're using WiredTiger, the default storage engine for mongo. Either way, the same concept applies.
You'll see the .wt files (the ones you're talking about), although readable by permission, are not very readable to the eye. Try look for yourself with less <example>.wt.
They're stored in a specific format, with compression and some encryption. Realistically, they shouldn't be able to be retrieved from outside of your server - and your users in the server should trusted, or given limited access to the locations of these files.
In short, if you apply the proper policies, and keep your actual database and server secure, then this is normal and expected. I hope this makes sense.
When you launch mongod you need to specify a path to the data directory, and this directory must already exist.
You can set the permissions on this directory to deny world-read access by running:
chmod o-rwx /path/to/data/dir
Normally this would be done prior to the first start of mongod.
Once this is done, none of the files in the data directory will be world-readable regardless of their individual permissions.
MongoDB does not need to have a provision to do this because it never creates the data directory.
A different way of accomplishing similar end result is to use umask, but changing permissions on data directory generally would be more reliable.
we are using 2018.3 version of Tableau Server. The server stats like user login, and other stats are getting logged into PostgreSQL DB. and the same being cleared regularly after 1 week.
Is there any API available in Tableau to connect the DB and take backup of data somewhere like HDFS or any place in Linux server.
Kindly let me know if there are any other way other than API as well.
Thanks.
You can enable access to the underlying PostgreSQL repository database with the tsm command. Here is a link to the documentation for your (older) version of Tableau
https://help.tableau.com/v2018.3/server/en-us/cli_data-access.htm#repository-access-enable
It would be good security practice to limit access to only the machines (whitelisted) that need it, create or use an existing read-only account to access the repository, and ideally to disable access when your admin programs are complete (i.e.. enable access, do your query, disable access)
This way you can have any SQL client code you wish query the repository, create a mirror, create reports, run auditing procedures - whatever you like.
Personally, before writing significant custom code, I’d first see if the info you want is already available another way, in one of the built in admin views, via the REST API, or using the public domain LogShark or TabMon systems or with the Addon (for more recent versions of Tableau) the Server Management Add-on, or possibly the new Data Catalog.
I know at least one server admin who somehow clones the whole Postgres repository database periodically so he can analyze stats offline. Not sure what approach he uses to clone. So you have several options.
I am aware that I have to add the IP addresses of remote hosts in pg_hba.conf file and restart the PostgreSQL server for changes to take effect.
But I would like to get a list of hosts currently allowed for the host-based authentication, directly from the server that is already running.
Similar to how I can get the max_connections setting using show max_connections;, I would hypothetically imagine it to be something like show hosts; or select pg_hosts(); (neither really exists).
Is this possible?
EDIT: I understand exposing the hosts would present a security risk. But how about the psql utility invoked directly in the database server's terminal? Does it have a special command to get the list?
The psql command at the terminal has no permission to get the list. Only the PostgreSQL database does.
The best way to do this (if you really must) is to create a PL/PerlU function which reads the pg_hba.conf and parses it, and returns the information in the way you want it. You could even build a management system for the pg_hba.conf with such functions (reloading the db might get interesting but you could do this with a LISTEN/NOTIFY approach).
Note, however, if you do this, your functions have a security footprint. You would probably want to just revoke permission to run the functions from public, grant access to nobody, and thus require users be superusers in order to run the functions. I would personally avoid exposing such critical information to the db unless there was a compelling reason but I could imagine that there could be cases where it might be helpful on balance. It is certainly dangerous territory however.
My database is hosted in a shared hosting. I connect my database remotely in Management Studio Express. Whenever i try to connect to sqlserver instance it shows all the databases that are hosted in that server instance. This annoying to find out your database out of 400 database of the other users all the time.
Is there a any way to filter down the list of databases to those i won or have permission ? i don't want to see databases that i don't have permission or i don't own.
Remember my database is hosted in a shared hosting and as a user i have limited privilege.
I've researched a similar issue and the only method I've found that works for this is a little hackish, however it may work for you in this case. If you (or the administrator of your shared host) is able to make your login the DBO of your database, and then also DENY VIEW to all databases for your login, you should only see the database that your login owns when you connect. So the t-sql would be:
`USE AdventureWorks2008R2
ALTER AUTHORIZATION ON DATABASE::AdventureWorks2008R2 to TestLogin
USE MASTER
DENY VIEW ANY DATABASE TO TestLogin`
Not sure if this is a fit for your scenario, and definitely not saying it is a best practice, but maybe it helps!
I have created the solutio for this problem in SSMSBoost add-in for SSMS (I am the developer of this add-in).
There is a special "Smart connection switch" combobox on the toolbar, that you can configure to show your favorite connections (Preferred connections), also you can display all local databases, BUT only those, that you can access.
I want to use Java DB in embedded mode in a Java application running from a CD-ROM. Does anyone have any experience of doing this? Will it work? The database will only have selects issued against it.
This is possible: Deploying the database on the read-only media
Also I have noted select statements work when the database is owned by root with all write access withdrawn and is accessed by a non-privileged user.