I just realized today that I can connect to my pgbouncer with the wrong password.
I did try without going through port 5432 (directly to postgresql) and I do get a password authentication error, but when I use port 6432 (going through pgbouncer) the connection is successful even with the wrong password.
As for my Pgbouncer configuration, my userlist.txt looks like below
"db1" "mypass"
"db2" "mypass"
Any idea what the problem could be here?
I had to change auth_type from trust to plain.
I think it's wrong for the default config file to have auth_type set to trust
Related
Setup: Progress 11.5 databases sitting on Linux (CentOS) server, with proenv available.
I'm trying to connect to Progress database through proenv and sqlexp. I'm unable to, since I don't know the user and password. There's no way I can obtain it from someone else, as nobody knows these credentials. I have root access on this server.
How can I connect to this database so that I can later create another account to use through ODBC?
What I've tried already is:
Being on root account, opening up proenv by
/dlcloc/dlc-11.5/bin/proenv
which brings up proenv, and then when I try
sqlexp -db rep -H localhost -S 2502 {-user ?? -password ??}
given that there's a db within
/dbloc/prod/rep/
with files like rep.db, rep.lg, rep.b1, rep.d1 and some other files avilable on localhost under port 2502 (confirmed through ps aux | grep rep)
I get an error even without user and password
Error: [DataDirect][OpenEdge JDBC Driver][OpenEdge] Access denied(Authorisation failed). (8933)
Which is obvious from my side, but there's no way to get user and password. How can I go around this given my environment to be able to establish a successfull connection?
Additional note: There's a special user called progressuser under which database is created, but impersonating that user from root as su progressuser and going through the same process yields the same results.
You could try accessing the database using the native 4GL broker. And possibly try this solution:
https://knowledgebase.progress.com/articles/Article/P9483
First run that proenv-script, it will set paths and environment variables.
Then identify on which port the 4GL broker runs. If you dont know: check your database log file (rep.lg). Look for something like:
[YYYY/MM/DD#HH:MM:SS.sss+TZ] P-XXXX T-YYYY I BROKER 0: (4262) Servicename (-S): NNNN.
The Ns will be your port. It might possibly be a service name to check in /etc/services
Then access the Progress Editor with a connected database:
pro -db rep -H <IP-address/domain name> -S <port number/service name>
You should see a rudimentary editor. To run something you press Ctrl+X or F1. To access the menu F3. To exit something F4.
Access the Menu using F3 and arrow-key your way to Tools -> Datadictionary. Now you should be able to follow the steps in the link provided above.
Perhaps its a good idea to make sure you have a valid backup before you start messing around with the users...
I am trying very simply to download MS SQL Server to my Mac using Docker.
As I was following a video, I reached a road block because my password was too short and Docker exits the program. (I received the error below). Can you please advise on how to change my password using the terminal or elsewhere?
ERROR: Unable to set system administrator password: Password validation failed. The password does not meet SQL Server password policy requirements because it is too short.
The container only accepts SQL auth and you've locked yourself out by making SQL auth impossible for the only SQL auth account that exists. Kind of a catch-22 because you can't log in to make your password long enough so that you can log in. I wish docker recognized this when you first fire up the run command instead of when it is too late, but this is where we are.
While it may be possible to hack into mssql-conf or the mssql-server service to change the password, honestly, the easiest thing for you to do is to start over with a new container. The nice thing about containers is that this is exactly what they're designed for. Run this:
docker ps
This will list the containers you have created; the one in question might be named something like a5de64..., so then just do:
docker stop a5
docker rm a5
Then create a new container with a password that is both long enough and strong enough:
docker run ... -e SA_PASSWORD=d0_n0t_be_l#zy_h3r3 ... mcr.microsoft...
I'm running an express server and I am very new to databases. If I have a public repo on Github of my express server and have this line of code publicly visible in one of the files:
const pool = new Pool({
user: "postgres",
host: "localhost",
database: "postgres",
password: "dummypassword",
post: 5432
});
Can people somehow connect to my PSQL database using my 'dummypassword' and mess up people's accounts that are stored in that database? I am planning to deploy it to DigitalOcean and I am wondering if this could be an issue somehow later down the road.
Thanks :)
If dummypassword is your true database password, then yes, this is absolutely a problem. You would literally be giving hackers instructions on exactly how to connect to your database! Don't do this.
Look into using dotenv on npm. This will allow you to create a .env file that can hold this precious information on a server outside of version control i.e. Github.
https://www.npmjs.com/package/dotenv
To expound on this, I would always err on the side of caution when dealing with database credentials. Say someone did get access to this information but that wasn't the actual database password, but the rest of the credentials were. The intruder now knows what kind of database you are running, where it's located, what port, and the username. All they need is the password in order to gain access to your entire production database and all of your users information.
I'm assuming you are saying; can someone connect to my production database ONCE you have changed the password for your production database?
If so then there is nothing in your example that isn't default so the answer is no.
If you're saying that "dummypassword" will be in production then yes that would NOT be a good idea, but I'm guessing you're not saying that.
Spec:
Ubuntu 14.04
webmin/virtualmin 1.791
I am using following code to test remote mysql database connection:
<?php
$db_host = "123.456.789";
$db_name = "database";
$db_user = "user";
$db_pass = "password";
$db_table_prefix = "prefix_";
GLOBAL $errors;
GLOBAL $successes;
$errors = array();
$successes = array();
$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
GLOBAL $mysqli;
if(mysqli_connect_errno()) {
echo "Conn Error = " . mysqli_connect_error();
exit();
}
?>
I keep getting this error:
No connection could be made because the target machine actively
refused it.
Research shows this means the server is "not listening". Before I ran the above script I've already tried to allow remote mysql access through webmin gui. What I did is editting "database manage->host permissions" and make it as follows:
This was supposed to allow remote mysql access but it doesn't work. Also I read from somewhere else that to allow remote mysql access I need to edit /etc/mysql/my.cnf; I have thought that after I edit the "host permissions" in webmin this file would be changed, but it was not. On the other hand, I couldn't find the lines I was supposed to edit in my.cnf, so I am stuck here.
Any help is appreciated.
You can do this via webmin too,
Create your user account for remote access
Webmin > Servers > MySQL Database Server > User permissions
Allow the MySQL server to listen to remote requests
Webmin > Servers > MySQL Database Server > MySQL Server Configuration
MySQL server listening address - set it to any
Restart MySQL using service mysql restart or directly from webmin.
Allowing MySQL to listen to any port is not a good idea , unless you are the only one who can access that network ,
Don't leave it like this afterwards , Its better to Allow certain hosts on certain domains , like your IP , Or simply just dont listen on all ports if its not required i.e when you are finished with your session.
You can also do this via /etc/mysql/my.cnf
Just add a binding adress of your choice instead of localhost
I have got it to work, however not through webmin at all.
First I need to comment out the following line in /etc/mysql/my.cnf:
#bind-address = 127.0.0.1
I guess instead of simply commenting it out, I can also change 127.0.0.1 to my local IP address. Many google results stop here, but this is not enough. The next step is to grant the local user privileges: On remote server, I need to run the following commands:
$ mysql -u root -p
Enter password:
mysql> use mysql
mysql> GRANT ALL ON . to user#'localIP' IDENTIFIED BY
'password';
mysql> FLUSH PRIVILEGES;
Actually I have seen this when I was doing google search before I asked the question here, but I just ignored it because I thought I've done it. It turns out I not only need to grant privileges on server side but also need to do it for "local user".
Feel free to comment here if there's still something I missed out or you know how to do it throught webmin(I am still wondering what editting "host permissions" in webmin does).
I installed oracle 11g in my machine and created tablespaces and user.
Evereything ran succesfully. Now im trying to create a new conenction thru sqlDeveloper but i get this error. I checked the SID name and changed them according to tnsnames.ora. what else might go wrong?
Don't use the tnsnames.ora and set the connection type to "Basic".
Enter your connection details (SID, Port, host, username and password) accordingly.
Use connection type basic, and dont use hyphen "-" in the connection name, while use underscore "_". and then try again to connect
If the database is on your machine, and you're still talking about 11g, then you can simply do this:
Connection Type: Basic
Hostname: localhost (you said it the db was on YOUR machine, yes?)
Port: 1521 (this is the default unless you changed it)
SID: orcl for regular db or xe for Express edition
Service Name: use this if 12c with Pluggable Database
Or course for username and password:
username: system (a default ADMIN account, less dangerous than SYS)
password: whatever you provided when creating your database
If you are going to login as SYS, you must change the Role from default to SYSDBA.
If you have TNSNames.ora file, we should find it, and you can set your Connection Type to TNS, and simply pick your database from the dropdown.
As you can imagine, when you have MANY databases, the TNS path is much easier, but you will need to maintain this file. Otherwise, Basic is the easiest way to go.