I created a web app and i want it to go live so my question is: Where should the sensitive credentials be stored? I mean like database username (user) and password and other admin data?
Should I store them in env variables and if yes, if someone get access to the server whouldn't my data be compromised?
Related
i want to make login method without Firebase.
i read about greenrobot database instead of Firebase database.
my question is that greendao online or it's local database?
For example two users using the app and entered the same email so the application show email already in use.
Can i do it in greenrobot database?
I can see there is a user from my aws rds console,
AWS Console -> RDS -> Databases -> Configuration -> Availability
But I forgot what was the password of this user? How can I see/ retrieve the password? Moreover how can I add new users for my existing database?
I think there is no way to recover the lost password, but you can Not sure you can recover, but you should be able to reset it.
Creating new uses is done from inside the db. You login as a root, and they you create new users with their passwords using db-specific sql statements for that. For instance for mysql you have CREATE USER statement.
I've recently created a App Service + SQL in my Azure account and I want to give access to some external user, maybe using SQL authentication with username and password. I know I must allow this user IP, but I cannot find where I can create credentials or a new user for him.
I've tried creating a new login and user using SQL statements but I can't access master database.
Is what I'm trying to do possible?
Thanks
There's no need to grant users access to Master. Instead connect to the target database as an administrator and simply add the user using CREATE USER
CREATE USER SomeUserName WITH PASSWORD = 'somestrongpassword123'
See generally Controlling and granting database access
I'm trying to find a tutorial or help for solve this scenario.
In my MVC 4 application I want to have a Database where I store login information (username, password, connection strings ).
When User Login success, I want to open database with connection string stored in User Table, and get the policy from specific database (this database also contains the application data).
This means that a user can access to multiple database, and have different policy on every database.
Administrator can create a new user on Login Database, associate user with databases, and set policies for every Database.
Someone can help me or know a tutorial for doing that.
Thanks
I spent a long time yesterday to configure for my CouchDB instance in order to create a little app and letting CouchDB manage authentication and authorizations for me.
So I ended up with something like that :
On top of everything I've got a server admin, who basically is god on my CouchBD instance.
Then I created a database named "mydatabase" (for example) and added the role "mydatabase_dba" as admin and also the role "mydatabase_user" as reader.
I also created a database named "_users" which contains all the database admins and users with their roles and also a design document named "_auth" which manages authorizations.
Only the server admin is admin of this database, and I added users with role "mydatabase_dba" as readers. Then, for those of you who knows about it, I modified the "validate_doc_update" field o the "_auth" document so that users with role "mydatabase_dba" can only deals with users with role "mydatabase_user".
So, to summarize at this point :
server admin is still god
users with role "mydatabase_user" can connect to "mydatabase" but they are just readers
users with role "mydatabase_dba" are admins of "mydatabase"
users with role "mydatabase_dba" can connect to database "_users" where they are readers
users with role "mydatabase_dba" can only manage users of role "mydatabase_user" in "_users"
Hope this is clear :D
What I can do now is create an application that will not manage users itself, but let users connect to CouchDB directly (transparently).
The problem come when it deals with users creation/update/deletion.
Because only users with role "mydatabase_dba" can access to the "_users" database and work on users with roles "mydatabase_user", I need at some point to connect to CouchDB as this db admin.
I have two solutions :
Create a user interface into my app that will let the admin connect and do what he has to do
or
Make some more code and let the app do it automatically, this is the solution I prefer, but the problem is : I have to store the admin credentials...
Sorry for the long introduction but I had to describe the landscape first :)
I created a post yesterday about how I could secure the connection between my app and the CouchDB instance : here
The solution I was given is to use HTTP over SSL (/TLS) to secure the communication. I'm okay with that, but now I have another concern, maybe I'm paranoid, but because my app will need to connect as "mydatabase_dba", I have to store its credential somewhere.
But how to store them securely ? As said in my previous post, even if I store the hashed password instead of the plain text password, if an attacker access my app source code, he'll have my admin credentials...
An application should never have an administrative rights. It should only be given the bare minim rights it needs to function. If the application needs some administrative rights, make sure it has as few as possible. Other than that, most of the time these credentials are stored in plain text in some file that only your application can access.
Never commit this text file into your source code manager (Subversion, Git, etc.)! Placing the file into a running system must be a step in the installation procedure.