I'm trying to find a tutorial or help for solve this scenario.
In my MVC 4 application I want to have a Database where I store login information (username, password, connection strings ).
When User Login success, I want to open database with connection string stored in User Table, and get the policy from specific database (this database also contains the application data).
This means that a user can access to multiple database, and have different policy on every database.
Administrator can create a new user on Login Database, associate user with databases, and set policies for every Database.
Someone can help me or know a tutorial for doing that.
Thanks
Related
Good afternoon,
I am writing a front-end for a research database that holds sensitive health information. My institution has a policy that user actions be logged by the SQL server so that they can perform audits on the server log files in the event of a breach.
Because of this policy, I cannot connect Django to the db as a system user (otherwise, all users of the front-end actions would be logged by the server as the Django system user instead as the actual user individually).
Is there a way to connect to the DB using per user credentials so that actions performed on the front end will be logged as that user on the db server? I have been able to find a lot of information about using multiple databases, but nothing about per user authentication of those databases.
Thank you in advanced!
I don't think you can do that, the user that connect to the database need to have access to all the tables.
I had a similar issue when I wanted to use Django models outside Django and restrict access to certain models for certain users.
I ended up using SQLAlchemy and its automap feature on the existing Django database. Then you can connect to the database using your SQL users.
However, if you don't mind all the users accessing all the tables and are only concerned about the logs, maybe you can use a different settings.py or at least a different DATABASES configuration for each user?
I was able to accomplish this by giving the SQL user the IMPERSONATE permission and performing EXECUTE AS prior to the DB queries that I needed to have logged in models.py.
cursor = self.connection.cursor()
try:
cursor.execute("EXECUTE AS " + get_current_user()
except DatabaseError as e:
cursor.close()
raise e
I am working on a company project, in which it contains a data processing system and this system was previously written separately for each bank and have their own project file, and each of the project has their own database that store the user credentials for them to login using their id and password.
Now we need to merge all the projects together so that it only login via a single login page, but i am wondering how am i going to do this because the data, especially the login credentials is stored in different databases. How should I pass data from a database to another database to perform validation?
Assuming these are SQL server logins, You will probably have to build a database with an availableDB table listing the available databases. Let the user choose a database, then try to open that database using the specified credentials, kicking him/her back to the choose-a-database point in the application.
If that doesn't answer your question, we'll need a little more information: architecture, desired interface, etc.
Hope this helps.
Why Dont You Use a drop down on login form with Every bank name listed in Drop Down. After selection of bank, use if and else statements to populate selected bank database.
I am currently building a project that requires switching between different databases according to the user logged in.
Every registered user has it's own database however the tables (the structure) within the databases are the same.
e.g. user login by authenticating at the default database, if true then get the databaseName from the default database accordingly and then connect to that database from then on.
Is there any way to achieve this?
Thanks!
I have created Winforms application which stores some sensitive data like username and password.
The system used by many users. I am using SQL Server Express for storing data.
The application downloads data from a remote server by sync framework. I want to create only one user for that database so I can sync that database.
My problem is that I want to hide the database from all users which are using the application and also from the sa & Windows authentication accounts. So no one can see the other usernames or passwords.
How can I do this?
If I understand well, be best way to do it is :
keep one administrative login (one login that is member of sysadmin). It will be you. You need at least one admin.
disable sa : ALTER LOGIN [sa] DISABLE;
for all other logins, add them as users in the database, but don't give them any permission. They won't be able to see anything
use an application role (which is deprecated) OR create a user without login and use EXECUTE AS (which is the new way to go): you can learn more about it here : http://msdn.microsoft.com/en-us/library/bb669062(v=vs.110).aspx and http://msdn.microsoft.com/en-us/library/bb669087(v=vs.110).aspx. That will allow you to set other permissions for your users only when the conect through the application.
I spent a long time yesterday to configure for my CouchDB instance in order to create a little app and letting CouchDB manage authentication and authorizations for me.
So I ended up with something like that :
On top of everything I've got a server admin, who basically is god on my CouchBD instance.
Then I created a database named "mydatabase" (for example) and added the role "mydatabase_dba" as admin and also the role "mydatabase_user" as reader.
I also created a database named "_users" which contains all the database admins and users with their roles and also a design document named "_auth" which manages authorizations.
Only the server admin is admin of this database, and I added users with role "mydatabase_dba" as readers. Then, for those of you who knows about it, I modified the "validate_doc_update" field o the "_auth" document so that users with role "mydatabase_dba" can only deals with users with role "mydatabase_user".
So, to summarize at this point :
server admin is still god
users with role "mydatabase_user" can connect to "mydatabase" but they are just readers
users with role "mydatabase_dba" are admins of "mydatabase"
users with role "mydatabase_dba" can connect to database "_users" where they are readers
users with role "mydatabase_dba" can only manage users of role "mydatabase_user" in "_users"
Hope this is clear :D
What I can do now is create an application that will not manage users itself, but let users connect to CouchDB directly (transparently).
The problem come when it deals with users creation/update/deletion.
Because only users with role "mydatabase_dba" can access to the "_users" database and work on users with roles "mydatabase_user", I need at some point to connect to CouchDB as this db admin.
I have two solutions :
Create a user interface into my app that will let the admin connect and do what he has to do
or
Make some more code and let the app do it automatically, this is the solution I prefer, but the problem is : I have to store the admin credentials...
Sorry for the long introduction but I had to describe the landscape first :)
I created a post yesterday about how I could secure the connection between my app and the CouchDB instance : here
The solution I was given is to use HTTP over SSL (/TLS) to secure the communication. I'm okay with that, but now I have another concern, maybe I'm paranoid, but because my app will need to connect as "mydatabase_dba", I have to store its credential somewhere.
But how to store them securely ? As said in my previous post, even if I store the hashed password instead of the plain text password, if an attacker access my app source code, he'll have my admin credentials...
An application should never have an administrative rights. It should only be given the bare minim rights it needs to function. If the application needs some administrative rights, make sure it has as few as possible. Other than that, most of the time these credentials are stored in plain text in some file that only your application can access.
Never commit this text file into your source code manager (Subversion, Git, etc.)! Placing the file into a running system must be a step in the installation procedure.