I'm running an express server and I am very new to databases. If I have a public repo on Github of my express server and have this line of code publicly visible in one of the files:
const pool = new Pool({
user: "postgres",
host: "localhost",
database: "postgres",
password: "dummypassword",
post: 5432
});
Can people somehow connect to my PSQL database using my 'dummypassword' and mess up people's accounts that are stored in that database? I am planning to deploy it to DigitalOcean and I am wondering if this could be an issue somehow later down the road.
Thanks :)
If dummypassword is your true database password, then yes, this is absolutely a problem. You would literally be giving hackers instructions on exactly how to connect to your database! Don't do this.
Look into using dotenv on npm. This will allow you to create a .env file that can hold this precious information on a server outside of version control i.e. Github.
https://www.npmjs.com/package/dotenv
To expound on this, I would always err on the side of caution when dealing with database credentials. Say someone did get access to this information but that wasn't the actual database password, but the rest of the credentials were. The intruder now knows what kind of database you are running, where it's located, what port, and the username. All they need is the password in order to gain access to your entire production database and all of your users information.
I'm assuming you are saying; can someone connect to my production database ONCE you have changed the password for your production database?
If so then there is nothing in your example that isn't default so the answer is no.
If you're saying that "dummypassword" will be in production then yes that would NOT be a good idea, but I'm guessing you're not saying that.
Related
G'day, I am trying to make a clone of the WordPress website into my local server. I installed the Duplicator plugin and generated a archive file of the website and the installer.php. Then after ran the installer.php from http://localhost:8888/untitledfolder/installer.php.
In the step 2 (Install Database) there is an error which is a connection failure. I already created a database named 'livewebsite' beforehand. It's likewise the below image.
Any help would be really appreciated though I am new to WordPress trying to learn from the scratch. No down votes for the question please. Thank you! :)
I got the issue. That was my username and password. Username & password should be default data which is root and 123 for my settings. Thank you!
You should change MySQL port (the right input with localhost) from 8888 to 3306. That's the real port of MySQL server.
After change and retry, you can see the Host: Fail will become Host: Success with green flag I think. If Database still have a red fail flag, please edit your database username and password. It's not your WordPress account.
I set up PGAdmin III with my Heroku database.
I was wondering how I can see my Users database. I am still building my website so I wanted to test how they are being registered in the database.
However, all I see is tons of databases with strange "d10abc111ldlapsaman"-like names. How do I access my User database?
If PGAdmin III is not the right tool for this - what tool should I get to see my users of my still - in -development Heroku application?
You may have figured out your issue by now, but what you want to do is go to https://postgres.heroku.com. Look at your default connection settings for your database. Now, do the following in pgAdmin III using these settings:
File -> Add Server
Name: anything you want
Host: ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com
Port: 5432
Maintenance DB: yourdbname (in your example it would be d10abc111ldlapsaman)
Username: uiuskwljksjdkje (change to yours)
Password: sdjfj3##f333edfs (change to yours)
The other settings can stay at what they initially were.
You should no be connected to the server. Expand it and scroll through the long list until you find your database name (the one that you put as Maintenance DB).
You're done!
Updating the answer for someone who still needs it, like me:
Go to your heroku account and find your database credentials (you should open your app, then postgres on add-ons and finally settings):
screenshot
In pgadmin you should right-click on 'servers'-> create -> server and enter your credentials:
General/Name: the name that pgadmin will show (only for you)
Connection/Host name: Host in credentials
Connection/Port: Port in credentials (probably 5432)
Connection/Maintenance database: Database in credentials
Connection/Username: User in credentials
Connection/Password: Password in credentials (tip: check the box to save it)
SSL/SSL mode: Require
Advanced/DB restriction: your database (same as maintenance db) -> this will filter only your db of the many others that will spam if you don't do that.
I would like to manage my Heroku database with pgadmin client. By now, I've been doing this with psql.
When I use data from heroku pg:credentials to connect de DB using pgadmin, I obtain:
An error has occurred:
Error connecting to the server: FATAL: permission denied for database
"postgres" DETAIL: User does not have CONNECT privilege.
How to achieve the connection?
Open the "Properties" of the Heroku server in pgAdminIII and change the "Maintenance DB" value to be the name of the database you want to connect to.
The default setup is suitable for DBAs et al who can connect to any database on the server, but apparently that isn't true in your case.
After you change the Maintenance DB name as suggested by araqnid's answer above, you should also add your database to the DB restrictions field because without this you will see thousands of databases and you may not be able to find yours in the list if the list is too long.
More details here - How to hide databases that I am not allowed to access
This is for pgAdmin 4
In order to connect pgAdmin to your database (postgres instance in Heroku), do the following:
Login to Heroku, and select the application in which you have the database
Select the Resources tab and then click on "Heroku Postgres Ad-on" (see below). This will open up a new tab.
Select the Settings tab and then click on "View Credentials..." (see below)
You will get the following information that you will use in pgAdmin:
Go to pgAdmin, and create a new server
In the General tab, give a useful name
In the Connection tab, fill the info you got at Heroku
In order to avoid seeing thousands of databases, you need to add your database name to DB restriction in the Advanced tab (see below)
We require SSL for connections outside Heroku. Please verify whether you're forcing SSL in your client.
Answered more thoroughly here: Connecting pgAdmin3 to Postgres on Heroku
We don't allow connections to the postgres database, so be sure to set Maintenance DB to your database name, and be sure to use SSL.
Change the Maintenance Database to the name of your Database, e.g. dva70000p0090. This should work.
the db password local isnt the same db password heroku. please check the heroku ip postgtres address and extrac
I installed oracle 11g in my machine and created tablespaces and user.
Evereything ran succesfully. Now im trying to create a new conenction thru sqlDeveloper but i get this error. I checked the SID name and changed them according to tnsnames.ora. what else might go wrong?
Don't use the tnsnames.ora and set the connection type to "Basic".
Enter your connection details (SID, Port, host, username and password) accordingly.
Use connection type basic, and dont use hyphen "-" in the connection name, while use underscore "_". and then try again to connect
If the database is on your machine, and you're still talking about 11g, then you can simply do this:
Connection Type: Basic
Hostname: localhost (you said it the db was on YOUR machine, yes?)
Port: 1521 (this is the default unless you changed it)
SID: orcl for regular db or xe for Express edition
Service Name: use this if 12c with Pluggable Database
Or course for username and password:
username: system (a default ADMIN account, less dangerous than SYS)
password: whatever you provided when creating your database
If you are going to login as SYS, you must change the Role from default to SYSDBA.
If you have TNSNames.ora file, we should find it, and you can set your Connection Type to TNS, and simply pick your database from the dropdown.
As you can imagine, when you have MANY databases, the TNS path is much easier, but you will need to maintain this file. Otherwise, Basic is the easiest way to go.
I'm getting this error when running an SSIS package through SQL Agent
Failed to acquire connection "ORACLE ADO.NET". Connection may not be configured correctly or you may not have the right permissions on this connection.
When I log on as the SQL Agent User and run the ssis package directly it is fine. When I then execute it through the SQL agent job, it fails.
I've read around extensively on this topic, and it seems a lot of the advise concerns how you are logged in, configuring of proxy accounts, etc, etc, etc, none of which has been helpful.
I am logging onto an Oracle database with an ADO.NET conncetion. The connection string is as follows (datasource, userid and password have been changed):
Data Source=DATASOURCE;User ID=userid;Password=password;Persist Security Info=True;Unicode=True;
I'm loading this from a registry setting using package configuration. To check that I am getting the correct string, I am writing it into a temporary log table. I am definately getting the string I need from the correct registry setting.
I've tested the oracle login credentials though PL/SQL developer, and it lets me login just fine.
As far as I can tell, as I'm using an explicit user name and password for the Oracle connection it just shouldn't matter who the SSIs pacakge is run as. The only point of failure that Ican see would be the reading of the information from the registry, but that seems fine.
I'm really quite baffled, I must confess, and would appreciate any help some of the splendid experts here can offer.
Many thanks,
James
Ok, tracked this one down after quite a lot of pain.
It was working fine on one environment, but not another, so I fired up Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and ran a package through the SQL Agent job, comparing which system entities were hit on each enviroment.
On the failing environment, at the point of the bulk transfer operation, the package attempted to get the Oracle 11 client DLL, and then hung.
I knew that this was installed, and, moreoever, the DLL path was a system environment setting. After further investigation it was revealed that the server had not been rebooted since the Oracle Client install and the SQL Server Agent process had not bee recycled.
Yes, can you believe it, the old helpdesk fix "Can you reboot your computer?" worked.
Sigh!
We had issues at a client with running packages connecting to Oracle before stored on our sql server instance. The work around we found was to change the package property, protection level, to "Dont save Sensitive Data" and for security purposes, we encrypted the username and password in the package configuration that was decrypted by a udf in sql server. Of course, before you try the whole encryption part, I would recommend putting the username and password in the package configuration without encrypting the values to see if changing the protection level setting is the solution to your specific problem. I hope this helps.
I was getting this error when tnsnames.ora file did not have a valid entry for the environment