I am maintaining an Audit Log. I have like 1100 tables in my database. Problem is that I'd like to use triggers to store also the id of user who made those changes. And by id I mean id from node js application, not PostgreSQL user id. I am using PostgreSQL 9.3. Please provide the necessary help. Thanks in advance.
Related
I am developing an app in which user stores their data. I want to add option to allow user to connect their database (on their server) to the django project so that they can store their sensitive information. Eg:-
Data stored on my app database -> Name, Username, Email
Data stored on user database -> Phone, Bank Details etc.
I cannot configure user database credentials in settings.py as it will be dynamic and different for different users.
So, how do i accomplish this?
You can't have different databases for different users. The database is for the site.
In terms of security, people have access to the data you allow them to in the database. So if security is important, just structure the data in such a way that people can store what they need & only access what they're supposed to.
It sounds to me like you need to think about your database design to accomplish what people need, and then ensure the project keeps data restricted to the correct people.
I use sqlalchemy to solve the problem. I also integrated batch script and django views to create tables. If any one has the same issue, i can share the code.
Here is the quick link of sqlalchemy: https://www.sqlalchemy.org/
My company has decided to use FreeIPA in order to make available Single Sign On feature for our employees. I am not familiar at all with Kerberos/LDAP and similar because i have never used those technologies before.
We have 70 users - they have Windows OS machines and SSO should be used for several Python (Django) web apps, WordPress web sites and possibly for Roundcube web email and OpenVPN access. They don't have access to web servers at all so SSH accounts are not important for this story.
Our python web app has database table with users' data which is in relation with some other tables and it is very important for us to have every single user added to those tables (via our web app interface) because otherwise our app will not work properly.
Having that in mind, i would like to know if there is a way somehow to reference user from FreeIPA's database to our web app's and wordpress' databases, example below:
Not every user has access to every web app and not every user has the same privileges in those apps.
We have already defined user privileges in every web app separately and everything works perfect, so main aim is just to make avaliable SSO for our users. I don't want to bother with user groups and privileges in FreeIPA system, will be i able to avoid that?
When user gets Kerberos ticket i want those web apps to recognize his/her account which is referenced to corresponding user account in FreeIPA database, and so has certain privileges in those apps.
In this scenario it is obvious that i will have to add every new user two times - in FreeIPA database and in web app's database, but that's not a problem, i just want to connect/reference those user accounts somehow.
EDIT to Michael Ströder's answer:
As i see, i would have to add every existing user manually to FreeIPA with "--uid" command because FreeIPA gives those attributes to every user automatically. I agree, i would not use user names for UID but only integers. So, i have imagined to make it like this - i would have to link every user's uid number to application's DB user's table ID column. Let say, if John has UID #7 he should also have ID #7 in WordPress wp_users table, and that looks fine to me. I think i could easily manage this in my custom python app, but i'm unsure how to manage this in WordPress, is there some plugin that could be use for such things? I've found AuthLDAP but i'm not sure if that is the right way to do it? Thanks in advance
The usual way is to have unique and persistent user names (String), usually stored in attribute uid in FreeIPA (or other LDAP servers) and use this as key in your application's DB table.
Note that uid does not contain the POSIX-UID (Integer) which is actually stored in attribute uidNumber.
I'd strongly recommend not to derive user names stored in uid from personal names because these often change. Also you should never reuse user names.
FreeIPA also has attribute nsUniqueId which contains a UUID generated during creation of the entry. It will not be modified during life-time of the entry. If you want to use that you have to take care that entries are not deleted/re-created by an external identity management systems all the time.
(Other LDAP servers are using standard attribute entryUUID).
DB = Oracle 12
APEX = 4.2
We are moving clouds and the PROD version of the DB with the APEX tables was copied and implemented into another cloud.
I have been told the clouds are exactly the same.
When I try and log into APEX via the web page e.g:
Workspace = Internal
User = ADMIN
I cannot get in. I have tried my normal user and password and no success on any of the workspaces
At home I have installed APEX and have half an idea on what to do but I don’t have admin privileges on the DB. So I have to pass on the messages to the DBA.
So far I have asked the DBA to unlock:
APEX_040200
APEX_PUBLIC_USER
On the connections, Im using SQL Developer to migrate around the DB, the Hostname and Servicename have changed.
Would the change in Service and Host cause logging in issues.
Or, am I missing something obvious, is it a complete re-install, is there a procedure that can be run to update things??
Any tips appreciated
Cheers
C
In my defence I am not a DBA.
When I was told the DB was getting copied I assumed I did not need to do anything since all the data should be held in the tables and it would be a simple case of logging in as usual.
Life is never that simple.
So, when I tried to log in I kept getting errors i.e. invalid log in credentials.
Resolution:
1 DBA resets the ADMIN password and supplies me with the details
2 Go to Production and export all the workspaces etc
3 As ADMIN recreate myself in the INTERNAL workspace
4 Log into INTERNAL, as myself not ADMIN, and import the workspaces
Informatica Server was setup at our local server, but unfortunately nobody remembers the Admin Console password for user "Administrator".
1.) Using pmpasswd, I created an encrypted password and replaced the current one in PO_USERINFO table "POU_PASSWORD" field, in the database I found on my "Informatica_9.6.0_Services" log file, but the service would not restart. I had to revert it back for the service to run again.
2.) I have tried using default user name/ password combinations but they aren't working
Any suggestion is appreciated.
The only way to reset a lost admin password is at the database level. Informatica Support has a process for this if you contact them.
Do not alter the database yourself!!
I need to synchronize the users of a domain with a third party database.
Using the method users.list I can query for the complete list of users.
With the comlete list I can identify created users and deleted users. I don't find any way identify updated users.
Is there a way to identify updated users?
Use Users.watch. It lets you know of any changes made to users. When changes are made you can update your database.