I'm trying to restore the database with the maintenance script provided. But there is a check in the script which doesn't allow me to restore if the user is postgres.
Any reason for that ?
It is a custom to not use the postgres user in this case. Similar to the custom that when operating a linux server, you use a user account instead of the root account.
You can remove the passage from the script if you want to proceed anyway. However, cookiecutter-django should have generated a .env/.production/.postgres file with a different username than postgres.
Related
i followed this solution to run customer django command programmatically , but it is limited for just one database connection.
I have django app configured with multiple database , is it possible to run custom django command using specific database connection?
exactly like when we use connections["DB_NAME_CONNECTION"].cursor() to execute an sql query
thanks a lot for your help!
One option is to create a new settings module (here's a guide) that contains your specific database connection configuration, and then use that settings module when using call_command():
management.call_command('mycommand', '--settings=mysite.settings.specificconnection')
So I am currently building a project with Django and will need to change the admin email to someone higher up in my division. However I am not sure who's email that will be as they are not sure yet either. If I put my email in now (as I will need to be using it when building the app), can I change it once it is ready to be delivered?
There is no limit to the number of admin accounts you can make. When the time comes to transfer ownership, simply create a new super user and use it to delete the old one.
python manage.py createsuperuser
I'm trying to build a Dockerized CouchDB to run in AWS that bootstraps authentication for my app. I've got a Dockerfile that installs CouchDB 1.6.1 and sets up the rest of the environment the way I need it. However, before I put it on AWS and potentially expose it to the wild, I want to put some authentication in place. The docs show this:
http://docs.couchdb.org/en/1.6.1/api/server/authn.html
which hardly explains the configuration properly or what is required for basic security. I've spent the afternoon reading SO questions, docs and blogs, all about how to do it, but there's no consistent story and I can't tell if what worked in 2009 will works now, or which parts are obsolete. I see a bunch of possible settings in the current ini files, but they don't match what I'm seeing in my web searches. I'm about to start trying various random suggestions I've gleaned from various readings, but thought I would ask before doing trial and error work.
Since I want it to run in AWS I need it to be able to start up without manual modifications. I need my Dockerfile to do the configuration, so using Futon isn't going to cut it. If I need to I can add a script to run on start to handle what can't be done there.
I believe that I need to set up an admin user, then define a role for users, provide a validation function that checks for the proper role, then create users that have that role. Then I can use the cookie authentication (over SSL) to restrict access to my app that provides the correct login and handles the session/cookie.
It looks like some of it can be done in the Dockerfile. Do I need to configure authentication_handlers, and an admin user in the ini file? And I'm guessing that the operations that modify the database will need to be done by some runtime script. Has anyone done this, or seen some example of it being done?
UPDATE:
Based on Kxepal's suggestion I now have it working. My Dockerfile is derived from klaemo's docker-couchdb, as mentioned below. The solution is to force the database to require authentication, but a fresh install starts out as Admin-Party. To stop that you have to create an admin user, which secures the system data but leaves other databases open. First, create an admin user in your Dockerfile:
RUN sed -e '/^\[admins\]$/a admin=openpassword\n' -i /usr/local/etc/couchdb/local.ini
(just following klaemo's sed pattern of using -e) and when CouchDB runs it will salt and hash this password and replace it in the local.ini file. I extract that password and replaced "openpassword" with this so that my Dockerfile didn't have the password in plain text. CouchDB can tell by the form of it not to hash it again.
The normal pattern to now secure the other databases is to create users/roles and use them in a validation function to deny access to the other databases. Since I am only interested in getting a secure system in place for testing I opted to defer this and just use the settings in local.ini to force everyone to be authenticated.
The Dockerfile now needs to set the require_valid_user flag:
RUN sed -e '/^\[couch_httpd_auth\]$/a require_valid_user = true\n' -i /usr/local/etc/couchdb/local.ini
And that requires uncommenting the WWW-Authenticate setting:
RUN sed -e 's/^;WWW-Authenticate/WWW-Authenticate/' -i /usr/local/etc/couchdb/local.ini
Which, since the setting shows Basic realm="administrator" means that the NSURLProtectionSpace in my iOS app needs to use #"administrator" as the realm.
After this I now have a Dockerfile that creates a CouchDB server that does not allow anonymous modification or reading.
This hasn't solved all of my configuration issues since I need to populate a database, but since I use a python script to do that and since I can pass credentials when I run that, I have solved most problems.
To setup auth configuration during image build, you need to check not API, but configuration for server admins. TL;DR just put [admin] section into local.ini file with your username and password in plain text - on start, CouchDB will replace password with it hash and CouchDB wouldn't be in Admin Party state.
P.S. Did you check docker-couchdb project?
I have a django app that works with .csv files as database, in these files i have the users of the system (i can't change that), i need to implement security (a login) in the site. Any idea?
Your question is very vague and you didn't ask for specifics so here is a general overview of what you'll need to do.
If you intend to use django's built-in authentication system then you'll have to setup a database; even if its sqlite. Once you have setup a database, run manage.py syncdb to create the necessary authentication tables (by default, the settings.py that django creates is already setup for the authentication system, so you don't have to make any other changes).
Once you have that done, you'll have to write a fixture to load the users from the csv file into the authentication tables. You can read up on that in the documentation under providing initial data for models.
Now you are ready to set passwords and permissions. Your next task will be to make sure that the csv file is in sync with the authentication tables if there a change in the csv file.
I want to restrict access to all but a few selected files per a user, but if I type: /media/userdocuments/FILENAME django happily spits back the file for even users who aren't logged in. How can I integrate the permission framework to work around this?
Thanks!
EDIT: I realize that the django development server is insecure, so I guess the question is: How would I do that in a production environment with apache, lighttp, etc.
Use RewriteMap along with a script that connects to Django and verifies permissions, rewriting to a "disallowed" URL on auth failure.