I'm building an application in Symfony2 where every user gets its own database, meaning all users have their own set of database credentials. The user doesn't know those credentials, they are stored within the application.
Depending on which user is logged in, the application retrieves the user specific credentials and stores data in the user specific database.
I'm using Propel as ORM and I know I can set up multiple connections. But all the solutions I came across require knowing the connection details on beforehand, but I do not know what user will register and log in.
So my question is: How I can I initiate the proper database connection?
Supposing you already have connection (if needed, to a dummy database), you can change your connection parameters doing the following
// Get current configuration
$config = \Propel::getConfiguration();
// Change DB configuration
$config['datasources']['default']['connection']['dsn'] = 'mysql:host=127.0.0.1;port=3306;dbname=dbname;charset=UTF8';
$config['datasources']['default']['connection']['user'] = 'username';
$config['datasources']['default']['connection']['password'] = 'password';
// Apply configuration
\Propel::setConfiguration($config);
\Propel::initialize();
Related
To access an OData web service that exposes data from a Core Data Service (CDS) in SAP R/3, a user needs has to have an authorization role assigned that contains the authorization object S_SERVICE.
The authorization object S_SERVICE requires two parameters:
the service type (SRV_TYPE) which is set to HT = "TADIR Object" in my case
the service hash (SRV_NAME).
Using the debugger I found out, that the function module AUTHORITY_CHECK_TADIR_SERVICE compares the hash from the S_SERVICE authorization object with the hash stored in a record of table usobhash:
I also found out, that function module AUTH_TRACE_CALC_HASH uses the data from the columns PGMID, OBJECT and OBJ_NAME in table usobhash as input to generate the hash which is then stored in column NAME.
So far, whenever I wanted to grant a user/role permission to access a OData service I needed to know this hash. To get the hash, I either checked the usobhash table or manually executed AUTH_TRACE_CALC_HASH and then entered the hash when I assigned the authorization object to an authorization role in transaction pfcg. I guess there has to be an easier, more "official" way to do this. My approach feels like a dirty workaround but I was unable to find any documentation about how to do it right.
tl;dr How do I set the S_SERVICE authorization object without either debugging AUTH_TRACE_CALC_HASH or searching for the relevant entry in usobhash?
Create a role with the Service in it. Therefore please create a new or choose an existing role in the transaction PFCG → (+ pushbutton).
Choose the object type "Authorization Default".
Choose "TADIR Service"; Choose object type IWSV or IWSG.
Use the F4 help to select your service.
Save the role.
Assign the role to user.
I have an ASP.NET (C#) web application that connects to Informix 12.x database. The web application uses a database connection string with username and password. Users are given login accounts to use the web application and they can delete records in the database.
The database tables have "LastModifiedBy" which contains the user ID. Now, I need to implement auditing using database triggers. I need to capture what records were updated or deleted and who did it (i.e. logged in user) and save these in an audit table.
For the delete trigger, how can I capture the user ID of the logged in user and save this in the audit table?
The database user (available via the keyword USER) is always going to be the username associated with the shared database credentials. Your question is not very clear, but are you saying the existing LastModifiedBy attribute contains the named user or the database user? If it's the named user, I think you should probably look at your ASP.NET code to see how that gets passed into the UPDATE statement.
I'm no expert on ASP.NET, but assuming a single page request uses the same database connection throughout its processing cycle, then you could maintain a table keyed on the session ID, available via DBINFO('sessionid'), where you capture the named user at the top of the request, and then you have it available at any point throughout the process for inclusion in your audit. But if the web-server processes are using a pool of database connections and any statement could go to a different connection, even that won't work.
Ultimately, I don't think database triggers are the right solution here, not least because you'll have to write and maintain a trigger for every table in your application. If I was faced with this problem I would be more inclined to have a common Audit function within the web-app, where the named user is always available.
At the OP's request, a bit more detail. The Session ID is exactly the same concept as you see in SSMS - just a unique number that identifies the connection.
Imagine you have the following table and procedures:
CREATE TABLE session_user (
sessionid INTEGER NOT NULL,
username VARCHAR(20),
conn_date DATE,
PRIMARY KEY (sessionid)
);
CREATE PROCEDURE set_user(v_username VARCHAR(20))
UPDATE session_user SET username = v_username, conn_date = TODAY
WHERE sessionid = DBINFO('sessionid');
IF DBINFO('sqlca.sqlerrd2') = 0 THEN
INSERT INTO session_user VALUES (DBINFO('sessionid'), v_username, TODAY);
END PROCEDURE;
CREATE PROCEDURE get_user()
DEFINE v_username VARCHAR(20);
SELECT username INTO v_username
FROM session_user
WHERE sessionid = DBINFO('sessionid');
IF v_username IS NULL THEN
LET v_username = USER;
-- return system user if no record found in session_user table
END IF;
RETURN v_username;
END PROCEDURE;
NB: None of this code is tested, it's just to show the principle. I don't have an Informix instance to hand to test this on.
At the top of the request, however you execute your SQL, you would run:
EXECUTE PROCEDURE set_user($the_web_user);
Your triggers could then use get_user() wherever you want to capture that info. You'll get the actual web user if it's been recorded in the session_user table, otherwise the database user (which will be the shared database credentials if the triggering DML has come from the web-app, or the physically logged in user if the trigger is via a DB-Access session).
I still don't think this is a particularly maintainable solution - every table needs its own trigger(s). An OO audit method in the web-app would be a more DRY approach, or have a look at Informix's preexisting audit capabilities.
Note: the date field was included in the session_user table so you run a clean-up over it, because depending on how often new connections get created by the web-app, your session_user table could grow like topsy.
I need to check how many invalid attempt a user taken at the time of log in.
This is becauase our requirement is to save the max attempt password value from db not config.
The default Membership API doesn't expose the invalid attempt counts, but they are indeed tracked in the database.
If you take a look at the documentation for the Sample Membership Provider Implementation you'll see the following in the Database schema section:
FailedPasswordAttemptCount Integer,
FailedPasswordAttemptWindowStart DateTime,
FailedPasswordAnswerAttemptCount Integer,
FailedPasswordAnswerAttemptWindowStart DateTime
These work in conjunction with the PasswordAttemptWindow setting to lock users out if they fail to supply the correct values, and the counts are updated by the default provider when the user fails to log in.
If you want to manage these through a database rather than the web.config you only really have one choice: Write a custom membership provider (based on the sample) that reads the required values from the DB rather than the config settings.
This is because the property on the provider is read-only so you can't modify it once the provider is loaded and instantiated.
I've specified the user of my application pool to be SERVER4\IUSR_SERVER4. And then I added this user to the SQL Server. But when I try to connect to the database I get the following error:
Server Error in '/BSHHD' Application.
Cannot open user default database. Login failed.
Login failed for user 'SERVER4\Administrator'.
What's driving me mad is there's no user named SERVER4\Administrator. What do I have to do in order to be able to properly connect to this SQL Server database from my website?
P.S. I think this is related with Membership authentication. Now I need to find out how Membership accesses SQL Server and where the login credentials are specified
The thing is, the app pool user is not necessarily the user you use to connect to MSSQL (as a guy in the comments already stated). After seeing your connection string, this is probably the case, and maybe, just maybe, the problem is not the user but it's default database.
I've had this error in the past: Try setting the user you use in the connection string (clerk's) default database to something else. This error is common when you've set a default database for a user before and now the database doesn't exist anymore or is having some problems.
You can change the user's default database using something like this:
Exec sp_defaultdb #loginame='clerk', #defdb='dok'
You can also use something like this but I've never used it:
ALTER LOGIN SQLLogin WITH DEFAULT_DATABASE = AvailDBName
Also, there's no need to set the integrated security to false because it is the default value already. I hope this helps =)
I have an admin account for my website where I add new clients. When a new client is added, they get an account and their own database.
The problem is I can't create new databases on my server from my admin account. When running it locally, I can add a database locally. But, when I try adding to the server running my website off the server, I get
CREATE DATABASE permission denied in database 'master'.
I've been able to add the database (locally) a few ways. This is one of the simpler working versions:
tmpConn.ConnectionString = "Data Source=.\\SQLEXPRESS; DATABASE = master;Integrated Security=True;";
sqlCreateDBQuery = " CREATE DATABASE " + dbname;
SqlCommand myCommand = new SqlCommand(sqlCreateDBQuery, tmpConn);
try
{
tmpConn.Open();
myCommand.ExecuteNonQuery();
}
catch (System.Exception ex)
{}
I suspect that whatever account you're using to connect to Sql Server doesn't have permissions to CREATE DATABASE. You're probably using Integrated Security, which would use Network Service/ASP.NET to connect to MSSQL. You need to create a new connection string that uses Sql Authentication with sa (or another sysadmin) credentials.
Oh - and this would work locally because you're running it under Visual Studio's WebDev.exe which is run with your local user account - which is probably set up as a sysadmin in MSSQL.
You should contact your service provider. (Or the maintainer of the server).
You need create database and create database user permissions. Your service provider should be able to facilitate this.
Something else no one has suggested is what kind of validation you are doing on the dbname value. Are you sure there are no spaces in it? That it's not a reserved word? That it doesn't contain malicious code? At very least you should encase it in brackets:
sqlCreateDBQuery = String.Format(" CREATE DATABASE [{0}]", dbname);
I really hope you aren't allowing the user to type this name directly into a textbox somewhere. Even if you use property security on the initial input and this is pulled back from a common "clients" db of some kind, you might be setting yourself up for a 2nd order Sql Injection vulnerability.
After you've addressed that, we can look at the error message here. In this case, the problem is that your web user does not have appropriate CREATE permissions. You need to correct that and it should allow you to proceed. You probably want to reserve a special account for this that you switch to just at this time, so your application doesn't normally run in a context that would allow this kind of action.
Check the permissions for MySQL: Does your admin account have different settings for a local connection versus any host?