The Django authentication system is a great system that can be helpful to develop authentication in apps. However, the django_session table and auth_user have no relation. When we want to fetch all of the active sessions of a user we have to fetch all the active sessions, deserialize the session_data, and then find the users' sessions. This is practically a complete table scan. Is there any special or security reason for that? Can we just create an association between these tables without making any vulnerabilities?
Related
I am working on a Django project and it requires 3 different database servers with different engines like MySql, PostgreSQL and SQLite.
SQLite has all the client side setting table, tables with not shared data [app has a feature to not upload some data to the server] and configuration tables and it is on the client machine through a tweaked C# app to create a django server environment and show the django site in a browser control like a native application.
PostgreSQL has tables that can be accessed by different clients on the network and has different tables with values of shared data. They maintain integrity with SQLite data through ContentType.
Django provides the contentType table that is created in both SQLite and PostgreSQL. Due to heavy use of other database managing tables we require them to be in a MySQL database on a separate server. So it would be great to have django_content_types, django_admin_log and django_migration in that MySQL server.
ContentTypes table is also used a lot and it is difficult to maintain contentTypes form two different database tables so we require it to be in one separate one with values form both the databases. And when one goes there why not the other two: django_migration, django_admin_log.
Also there is requirement to store raw SQL DDL queries in the database to track changes outside of the Django ORM and so it makes sense to add rows to django_migration and a new column to store raw SQL queries.
Also, this is the last thing for sure, django_admin_log only logs admin-site changes and also lacks data in message columns when new row is added or deleted. We really require it to store the JSON of values added to the particular table when adding and when deleting, the instance [json format of row] to message column about the record deleted. And require it to log all transactions on instances of both the databases.
I am looking to [customize/extend/create my own and override] these models in a Django App to gain the above expected behavior and have a portable app to use it in future such projects.
Regards,
Aagam Sheth
I am reading the Tom Aratyn Book - Building Django 2.0 web application. I am on a basic level.
Before migrating my app to the database, he asks to create a database for our Django project. I didn't understand very well how to create this database, he didn't detailed the process. Follow what he says:
" Now that we have a model, we will need to create a table in our database that matches it. We will use Django to generate a migration for us and then run the migration to create a table for our movie model.
While Django can create and run migrations for our Django apps, it will not create the database and database user for our Django project. To create the database and user, we have to connect to the server using an administrator's account. Once we've connected we can create the database and user by executing the following SQL:"
CREATE DATABASE mymdb;
CREATE USER mymdb;
GRANT ALL ON DATABASE mymdb to "mymdb";
ALTER USER mymdb PASSWORD 'development';
ALTER USER mymdb CREATEDB;
I don't know where to type this line of code. Shell? I know his book uses the PostgreSQL database.
Thank you,
To execute commands on the database, you need some kind of client. If you have access to the database server bash, you can use the command line client psql.
For clients with a GUI, pgadmin is the most common. On the interface, you are able to open a window, in which you can insert the SQL commands.
So I'm starting a new Django project that essentially requires the login & registration process be routed through an EXTERNAL & ALREADY created database.
Is it possible to have the User model use an EXTERNAL database table ONLY when Django is:
Logging in a user, to check if the login is valid
Registering a user, inserting data for that user in the external database
I would like for the rest of the Django server to use a local database.
If so, could someone either provide examples or guide me to documentation on the subject?
Easiest way to use multiple database with Django is to use a database routing. By default Django stick to single database, however, if you want to implement more interesting database routing system, you can define and install your own database routers.
Database routers are installed using the DATABASE_ROUTERS setting. You have to specify this setting in your settings.py file
What you have to do is write one AuthRouter as described Django documentation Django Multiple Database
"Yes, but"
What you are looking for in the docs is called "database router".
There is even an example for the auth app in the docs there.
But, there is s serious drawback to consider with this approach:
We cannot have cross-database relationships in the models. If auth tables are in a separate database, this means that any otehr app that needs a foreign key to User model is going to run into problems. You might be able to "fake" the relationships using a db that doesn't enforce relationship checks (SQLite or MyISAM/MySQL).
Out of the box, such apps are: session, authtoken, and admin (and probably more).
Alternatively, a single-sign-on solution might do a better job: django-sso, or django-mama-cas + django-cas-ng, or the commercial Stormpath.
I'm developing a project with django where each user is supposed to have one database.
I found a way to do so :
Fill the settings/dev.py with all databases (one per user)
Use the database router class to route the database to the models to the corresponding database (except the user model which will be redirected to a constant 'users' database of course because it is used to log in)
So when someone creates an account in our website and clicks the verify link sent by mail, it is supposed to query the server to run "manage.py create user", create a database for this user, change settings/dev.py to add the db to the list and finally perform a migration to create the db. Then, the user is redirected to the login page and is logged automatically with its credentials.
But i'm asking myself if is the best way to do that ?
Would we rather do the following ?
Create one app (copy files + settings/dev.py) for each user and determine which app to use from an http header or a subdomain (user.site.com) or a port, etc.
Use one database and create a user_id column in each table
Which one is the better for performance, scalability, security etc. ?
Thanks.
I have a live Django 1.6 project that makes use of a postgresql database. I've currently been developing an API for the project to support a mobile app - making use of South migrations as I go along.
As a result of the of this: I have a new database structure and code-base that is quite far removed from my production database although many of the fields in the production database are still present in the new one.
So as it sits - I have the mobile app running off the new API and the website running off the old database.
How can I go about synchronizing data between the two databases while the front-end for the new website is being developed?
i.e. When a user makes use of the app and then later goes to the website, I'd like their data to be available and vice-versa.
Solutions I've tried:
I cannot use the API to update the new database because it would trigger activation emails for users that have already been activated.
I've tried to use peewee to create a synchronization script where each field in one database is mapped to a field in the other database. This has been effective for tables where the schema are similar but I've had trouble when it comes to keeping foreign key relationships in tact.