I need to disconnect several former team members from our postgres database. I have seen several solutions which talk about disconnecting all users from the database. However, it would be preferrable if we didn't have to disconnect all users because that would mean disconnecting the current team members too. So my question is, how do I disconnet specific users who are connected to our postgres database?
select pg_terminate_backend(pid) from pg_stat_activity where usename in ('specific','user','name');
Related
I'm a new sql user (3 days) and I'm having some problems querying data from database tables I've created, whereas there is no problems querying the default 'postgres' database tables. My first thought was that it was a access/privilege problem, but had no effect. I did also notice that my database activity in the dashboard is always idle, whereas the default postgres database is always active. So it looks like my database is available but not connected. Can I choose which database to connect to? Ive been checking the docs, but can't find how to make my database active. Any help appreciated. Thanks
When you connect to PgAdmin to a Postgres instance you get to choose which database you want your queries to work against. You can see an example here.
If you cannot see your database once you connect to the instance you might either:
1) not have the db created in that instance.
2) not have permissions to view/access it. For this one you may need to ask to the administrator of the db for the relevant permission grants.
I am developing an web application in which i need to maintain the website in the local servers itself with the database in the computer itself , the local database will change periodically.There is a central database through which i have to access all the data in all the remaining DB's .
The problem is that even when internet connection is disabled, the local server will update the local database but when when it regains the internet connection it has to update the central database with the local modified data.
The tables( i mean the database schema, table names, attributes all) in all the DB's is same.The data should be appended if added any new ,should be deleted if any deleted and should be modified if any.
I am using MySQL server as DB, Apache Tomcat as server and using JSP, Servlets for business logic.
Please visit http://dev.mysql.com/doc/refman/5.1/en/replication-howto.html
Mysql replication might do the job but there are a few things that you have to consider, like:
the amount of data that has to be synchronized
the OS used on master and slave servers
because of the internet connection issue - why you disable internet connection? one option might be a scheduled job (crontab)
I have a rich client program installed on users PCs where I want to start storing some user created data on SQL Azure/SQL Server. The potential anonymous-to-me users would key in their name, email account and a password which would get stored on SQL Azure/SQL Server. Then they would start generating their own data. I'm anticipating volumes of maybe 1000 users.
There are times when those users would like to run their own queries against their own data but, obviously, I must ensure that they can never view other users data.
I'm thinking the best way to ensure security of data is for each user to be issued their own SQL Azure account and password. I will setup a SQL Azure user and long password, known only to me, which only has permissions to execute several stored procedures with appropriate parameters being passed to those SPs which will create the SQL Server accounts, logins and add the users to a role which I have created.
Obviously someone running debugging tools could figure out the user name and password but I'm thinking this isn't a big deal. If all that particular SQL Azure account can do is execute a few SPs so what if a malicious individual starts doing that. I will only allow a very limited amount of data to be uploaded before I require payment.
The users can only insert records using stored procedures which use the following:
SELECT #uName=SYSTEM_USER
and only select appropriate parent records. All stored procedures which users can execute would have the above as required to ensure they can only work with their own records.
All views will have embedded with them WHERE clauses such as
WHERE tbLoginName = SYSTEM_USER.
I'm new to SQL Server so I may be missing some fundamental concepts so I'd appreciate any and all comments.
The issue is, as pointed out on http://msdn.microsoft.com/en-us/library/ms189751.aspx:
In SQL Azure, only the server-level principal login (created by the provisioning process) or members of the loginmanager database role in the master database can create new logins.
Those accounts are also capable of alter and drop logins. So if you embed those accounts in the client application, you’re essentially granting every user permission to alter/drop other users accounts. While an average user won’t do that, a hacker will. So you cannot let a client application manage SQL Azure logins, unless only trusted users (such as your IT administrator) are permitted to use the app.
Best Regards,
Ming Xu.
I would like to point out a potential issue in the approach you mentioned: Your master SQL Azure account need to have privilege to create new accounts and grant them access to particular tables. This means your master account itself need to also have access to all those tables. If you store the master account on the client side, a clever user will get access to all users data.
From my experience, connecting to a database directly from a client side application will almost always make your solution less secure. You can do that for testing purposes, but in a real world solution, I would like to suggest you to use a service. You can host the service in Windows Azure. Then the service will access the database, and client application can only access the service. In this way, you can authenticate clients using any mechanisms you like, such as ASP.NET membership.
Best Regards,
Ming Xu.
You are essentially creating a physical two-tier database connection, allowing a client application to connect directly to the database. This is a problem in many ways, including security and performance. From a security standpoint, not controlling from where your customers will connect, you will need to keep your firewall rule wide open for anyone in the world to try to hack every customer uid/pwd. And instead of having only 1 user id to play with, hackers will have up to 1,000...
The second issue is performance. You applications will be unable to leverage connection pooling, creating undue stress on your database server and possibly hitting throttling issues at some point. Using a web service, with ASP.NET membership to manage logins, and using a service account (i.e. the same uid/pwd) to get data will ensure you will leverage connection pooling correctly if you keep the connection string the same for all your requests.
With a web service layer you also have a whole slew of new options at your fingertips that a two-tier architecture can't offer. This includes centralizing your business and data access logic, adding caching for improved performance, adding auditing in a centralized location, allowing to make updates to parts of your applications without redeploying anything at your customer locations and so much more...
In the cloud, you are much better off leveraging web services.
My 2 cents.
We have a problem where one of our customers is changing data directly in the database.
As we have an API, we'd prefer our customers to use this. We have threatened not to support their solution if they persist in manually changing data.
My query is, is there a technical way we can prevent access to the database from anything other than our application?
This is a sql server database, and our customers own the server and administer the DB server, So essentially we need a way to lock out SA.
Thanks
First things... you can't:
lock out sa or sysadmin rights at all at the server level
lock out db_owner/dbo at the database level
Now we've cleared that one up, who is accessing data directly?
If you mean end users are changing data, then you have a security issue: they should only be able to use the API and not even be able to connect.
If you mean sysadmin level users (eg DBAs or BOFH types) then there may be a legitimate reason. Does your API support all operations? As a DBA, I had to do open table surgery on badly written 3rd party apps now and then
If end users have sysadmin level rights, then you have a politics issue within the client company
Edit:
After comment by OP on their question... sysadmin users can disable triggers...
Is you API public? It shouldn't be if you can change data without any authentication. I recommend using some internal authentication mechanism. A basic challenge/response protocol that ensures that the incoming query is safe to execute, or something like that.
I'm looking for a strategy to allow automatic updates for a number of databases at customer sites through a publish-subscribe kind of mechanism. Right now there is a datacenter which has all the master data that get fed through extractions from hundreds of databases out there. The problem is that, whenever I need to do create a new view in the remote customer databases, I have to manually roll out an installation patch and ask the users to run it (their sites are behind firewalls, so I can't remotely do that from my end). Ideally, I would like to have a "DDL image" of the customer database schema at the datacenter, and whenever any change happens to it, all the subscribing customer databases would update their table view codes. The target databases are mostly SQL Server 2005 and Oracle.
I heard the MS SQL replication services could do such a thing? What about Oracle? anybody had experience with such?
Thanks!
Not sure about existing solutions, but how about writing your own auto-update mechanism that would run on a timer on the client machines and pull the latest schemas and views from some service table in your master database? Your change wouldn't get propagated straight away to all sites and some sites would update before others, but they would all eventually see the changes.
Golden gate might fit your needs.