Is it possible to use username, password and db in Redis?
The reason for this question is because in the official pyramid_redis_sessions documentation ( http://pyramid-redis-sessions.readthedocs.io/en/latest/gettingstarted.html ) the parameter...
redis.sessions.url = redis://username:password#localhost:6379/0
... (to use inside a Python/Pyramid production.ini, for example) suggests the use of username, password and db.
However I have not found anything on the internet that explains how to create a user and password linked to a db on Redis. In the link https://stackoverflow.com/a/34781633/3223785 there is some information about using a db (Redis).
There is the possibility of creating a password ( https://stackoverflow.com/a/7548743/3223785 ). But it seems that is a scope of use other than the parameter redis.sessions.url.
NOTE: The pyramid_redis_sessions provides a implementation of Pyramid’s ISession interface, using Redis as its backend.
#Jacky
In the Redis, the AUTH command is used to authenticate to the Redis server. Once a client is authenticated against a server, it can switch to any of the DBs configured on there server. There is no inbuilt authentication against a specific database.
Related
I developed a Django application, where a user can change the database dynamically through the UI.
I tried using Django's integrated database configurations in settings.py but I had to do some workarounds but still faced some weird errors.
Therefore I decided to use pyodbc with a connection string to connect to the database in my views.py.
The User inputs his database credentials (table, user, password, host, port), which then get saved on a database.
Every time a user needs some data following method gets invoked:
con = DatabaseConnection.objects.all().first()
conn_str = '{}/{}#{}:{}/{}'.format(con.user, con.password, con.host, con.port, con.name)
Everything works fine, but how exactly do I store the password(or the rest of the data) correctly?
I thought about encrypting and decrypting the password in my views.py but that wouldn't make sense, would it?
I'm doing the Python Eve tutorials on authentication and authorization. In the settings.py file it specifies this block of code:
# Let's just use the local mongod instance. Edit as needed.
# Please note that MONGO_HOST and MONGO_PORT could very well be
left
# out as they already default to a bare bones local 'mongod'
instance.
MONGO_HOST = 'localhost'
MONGO_PORT = 27017
# Skip these if your db has no auth. But it really should.
MONGO_USERNAME = '<your username>'
MONGO_PASSWORD = '<your password>'
But in the tutorial it sets up a separate 'accounts' collection in Mongo to handle users and accounts. It looks like it wants you to create a separate authentication process just for the python application, and not use Mongo's built in user access features. Is this correct, and is there a reason for this?
It seems to me that hardcoding a Mongo database user + password into a file on a server isn't so secure, and that it'd make more sense to try to use Mongo's own authentication stuff as much as possible. I know pymongo has some tools to work with Mongo users but I wanted to check if there was a good reason for doing it this way before I go diving into that.
I am in the process of developing a Python3/tkinter application that I want to have its database features based on a remote MySQL server. I have found SQLalchemy and I am trying to understand what the best practices are in terms of remote access and user authentication. There will be a client application that will ask for a username and password and then it will get, insert and update data in the remote database.
Right now, I am starting with a clear board, following the steps in some tutorial:
from sqlalchemy import create_engine, ForeignKey
from sqlalchemy import Column, Date, Integer, String
from sqlalchemy.ext.declarative import declarative_base
engine = create_engine('mysql+pymysql://DB_USER:DB_PASSWORD#DATABASE_URL:PORT/DATABASENAME', pool_recycle=3600, echo=True)
Base = declarative_base()
connection = engine.connect()
class Process(Base):
__tablename__ = "processes"
id = Column(Integer, primary_key=True)
name = Column(String)
Base.metadata.create_all(engine)
Assuming this is the right way to do it, my first question about this code is:
Isn't here a potential security problem by sending unencrypted user and password through the Internet? Should be taken some kind of measures to prevent password steal? If so, what should I be doing instead?
The other question that I have right now is about users:
Should each application user correspond to a different MySQL database user, or is it more correct to have the database client with a single user and then add my client users in a table (user id, password, ...), defining and managing them in the application code?
Isn't here a potential security problem by sending unencrypted user
and password through the Internet? Should be taken some kind of
measures to prevent password steal? If so, what should I be doing
instead?
There is a fundamental issue with having a (MySQL) database available to the web. With MySQL you can configure it to require ssh-tunnels or ssl-certificates, both of which prevents sending passwords in clear text. Generally you'll have to write both your client software, and a piece of server software that sits on a server close to the database (and the protocol between client/server).
Should each application user correspond to a different MySQL database
user, or is it more correct to have the database client with a single
user and then add my client users in a table (user id, password, ...),
defining and managing them in the application code?
Neither is more correct than the other, but depending on your database (and your client machines) it might influence licensing costs.
Normally your client would authenticate users with the server-software you'll be writing, and then the server software would be using a single database login to contact the database.
I'm attempting to create a REST API that selects the appropriate mongo database to write to along with the correct collection. How do I have eve select the database with the same name as a parameter as well as the collection?
With upcoming v0.6 Eve will natively support multiple Mongo instances.
New: Support for multiple MongoDB databases and/or servers.
You can have individual API endpoints served by different Mongo instances:
mongo_prefix resource setting allows overriding of the default MONGO prefix used when retrieving MongoDB settings from configuration. For example, set a resource mongo_prefix to MONGO2 to read/write from the database configured with that prefix in your settings file (MONGO2_HOST, MONGO2_DBNAME, etc.)
And/or you can use a different Mongo instance depending on the user hitting the database:
set_mongo_prefix() and get_mongo_prefix() have been added to BasicAuth class and derivates. These can be used to arbitrarily set the target database depending on the token/client performing the request.
A (very) naive implementation of user instances, taken from the docs:
from eve.auth import BasicAuth
class MyBasicAuth(BasicAuth):
def check_auth(self, username, password, allowed_roles, resource, method):
if username == 'user1':
self.set_mongo_prefix('MONGO1')
elif username == 'user2':
self.set_mongo_prefix('MONGO2')
else:
# serve all other users from the default db.
self.set_mongo_prefix(None)
return username is not None and password == 'secret'
app = Eve(auth=MyBasicAuth)
app.run()
Also:
Database connections are cached in order to not to loose performance. Also, this change only affects the MongoDB engine, so extensions currently targeting other databases should not need updates (they will not inherit this feature however.)
Hope this will cover your needs. It's currently on the development branch so you can already experiment/play with it.
Say you have parameters "dbname" and "collectionname", and a global MongoClient instance named "client":
collection = client[dbname][collectionname]
PyMongo's client supports the "[]" syntax for getting a database with a given name, and PyMongo's database supports "[]" for getting a collection.
Here's a more complete example with Flask:
client = MongoClient()
#app.route('/<dbname>/<collection_name>')
def find_something(dbname, collection_name):
return client[dbname][collection_name].find_one()
The good thing about my example is it reuses one MongoClient throughout, so you get optimal performance and connection pooling. The bad thing, of course, is you allow your users to access any database and any collection, so you'd want to secure that somehow.
I'm create a blog using django.
I'm getting an 'operational error: FATAL: role "[database user]" does not exist.
But i have not created any database yet, all i have done is filled in the database details in setting.py.
Do i have to create a database using psycopg2? If so, how do i do it?
Is it:
python
import psycopg2
psycopg2.connect("dbname=[name] user=[user]")
Thanks in advance.
before connecting to database, you need to create database, add user, setup access for user you selected.
Reffer to installation/configuration guides for Postgres.
Generally, you would create the database externally before trying to hook it up with Django.
Is this your private server? If so, there are command-line tools you can use to set up a PostgreSQL user and create a database.
If it is a shared hosting situation, you would use CPanel or whatever utility your host provides to do this. For example, when I had shared hosting, I was issued a database user and password by the hosting administrator. Perhaps you were too.
Once you have this set up, there are places in your settings.py file to put your username and password credentials, and the name of the database.