I would like to have some help with the parameters passed under the connection string through a .py file trying connection to my Oracle Apex workspace database:
connection = cx_Oracle.connect("user", "password", "dbhost.example.com/dbinstance", encoding="UTF-8")
On the login page at "apex.oracle.com", we have to pass the following information:
Can I assume that the "user" parameter is equal to the USERNAME info, the "password" parameter is equal to the PASSWORD info and the "dbinstance" parameter is equal to the WORKSPACE info?
And what about the hostname? What is it expected as parameter? How do I find it?
Thank you very much for any support.
Those parameters are not equivalent. An APEX workspace is a logical construct that exists only within APEX; it does not correspond to a physical database instance. Username and password do not necessarily correspond to database users, as APEX is capable of multiple methods of authentication.
APEX itself runs entirely within a single physical database. An APEX instance supports multiple logical workspaces, each of which may have its own independent APEX user accounts that often (usually) do not correspond to database users at all. APEX-based apps may have entirely separate authentication methods of their own, too, and generally do not use the same users defined for the APEX workspaces.
When an APEX application does connect to a database to run, it connects as a proxy user using an otherwise unprivileged database account like APEX_PUBLIC_USER.
If you want to connect Python to APEX, you would have to connect like you would any other web app: through the URL using whatever credentials are appropriate to the user interface and then parsing the HTML output, or through an APEX/ORDS REST API (that you would have to first build and deploy).
If you want to connect to the database behind APEX, then you would need an appropriately provisioned database (not APEX) account, credentials and connectivity information provided by the database administrator.
Related
I am trying to connect snowflake to Python using my user snowflake credentials but its getting error while executing(I have cross checked my sf credential everything is perfect), Later i have tried to use my colleagues user credentials to connect its working(used the same code but changed the credentials) no error and snowflake is connecting to his account. can anyone help me where would be the problemerror details
There are a couple of URLs that can be used to access your Snowflake account. I recommend SNOWFLAKE_DEPLOYMENT_REGIONLESS
You can run this query on your account to find them:
-- account URLs
select t.value:type::varchar as type,
t.value:host::varchar as host,
t.value:port as port
from table(flatten(input => parse_json(system$whitelist()))) as t
where t.value:type::varchar like 'SNOWFLAKE%';
There are several factors that could be impacting whether or not you can connect, including network policies or firewalls.
You can use SnowCD (Connectivity Diagnostic Tool) to rule out there are any issues connecting to Snowflake from your machine.
If you can connect from your local machine, but are attempting to via python from a remote machine, the issue is very likely a network policy (snowflake defined firewall) has been set to restrict IP addresses that can connect to Snowflake by your Snowflake admin.
If SnowCD reports no errors and network policies are ruled out, reach out to Snowflake support for further investigation.
If for some reason hyphens are not supported in the URL, you can replace them with underscores.
organization_name-account_name (for most URLs and other general
purpose usage)
organization_name_account_name (for scenarios/features where hyphens
are not supported in URLs)
organization_name.account_name (for SQL commands and operations)
Where:
organization_name is the name of your Snowflake organization.
account_name is the unique name of your account within your
organization.
I have a login interface, I used tkinter and sqlite3 as database, everything works fine, in my data base stored locally in my PC I've created an username and password which i use to login, I would like to know if there is a way to store only my sqlite.db in a cloud or some server and i can still be able to login with my tkinter interface in any computer using my databese in the cloud.
this is what im using to connect my sqlite database locally and works smootly.
conn = sqlite3.connect('login_file.db')
c = conn.cursor()
user = entry_usuario.get()
contra = entry_contrasena.get()
c.execute('SELECT * FROM superusuario WHERE usuario = ? AND password = ?', (user, contra))
if c.fetchall():
messagebox.showinfo(title='login correcto', message='usuario y contraseña correctos')
else:
messagebox.showerror(tittle=None, message='Contraseña Incorrecta')
c.close()
Psdt: I was trying to use firebase authentication to link with my tkinter login interface, but i wasnt succesful with it (i dont know how to replace it), maybe i should use another server?, any advise please let me know, thanks in advance have a good day
sqlite is a file based database, with no in built network server. So your application needs to access it as a file in a known location.
The only way to do this without a server side function is to host it on a remote network drive - and mount it on your pc; but to do that you leave your data exposed since sqlite data bases aren't password protected in any form - anyone could download the database and open it.
To protect it you would need to implement a network server (maybe on an AWS server - or similar) which gave protected access and exposed the data as a REST API, or even better, don't use sqlite if you want a remote database.
I am trying to identify the number of connections to a postgres database. This is in context of the connection limit on heroku-postgres for dev and hobby plans, which is limited to 20. I have a python django application using the database. I want to understand what constitute a connection. Will each instance of an user using the application count as one connection ? Or The connection from the application to the database is counted as one.
To figure this out I tried the following.
Opened multiple instances of the application from different clients (3 separate machines).
Connected to the database using an online Adminer tool(https://adminer.cs50.net/)
Connected to the database using pgAdmin installed in my local system.
Created and ran dataclips (query reports) on the database from heroku.
Ran the following query from adminer and pgadmin to observe the number of records:
select * from pg_stat_activity where datname ='db_name';
Initial it seemed there was a new record for each for the instance of the application I opened and 1 record for the adminer instance. After some time the query from adminer was showing 6 records (2 connections for adminer, 2 for the pgadmin and 2 for the web-app).
Unfortunately I am still not sure if each instance of users using my web application would be counted as a connection or will all connections to the database from the web app be counted as one ?
Thanks in advance.
Best Regards!
Using PostgreSQL parameters to log connections and disconnections (with right log_line_prefix parameter to have client information) should help:
log_connections (boolean)
Causes each attempted connection to the server to be logged, as well as successful completion of client authentication. Only
superusers can change this parameter at session start, and it cannot
be changed at all within a session. The default is off.
log_disconnections (boolean)
Causes session terminations to be logged. The log output provides information similar to log_connections, plus the duration of the
session. Only superusers can change this parameter at session start,
and it cannot be changed at all within a session. The default is off.
I am trying to connect Oracle remote database server using Python cx_Oracle. In sqlplus I do use "sqlplus / as sysdba" for connecting server using putty Console and i am to login successfully. Can you please help me on this why it was throwing this error.
import cx_Oracle
tns= cx_Oracle.makedsn('ip', port, SERVICE NAME = 'SID')
db = cx_Oracle.connect('SYS', 'password', tns, mode=cx_Oracle.SYSDBA)
It was throwing Error :
cx_Oracle Database Error ORA-01031: insufficient privileges
I already made one normal DB user and tried connecting with and it was Successful.
db = cx_Oracle.connect('USERNAME', 'password', tns)
You should be able to do most (all?) of the kind of things you mentioned with the normal "DBA" role. SYSDBA is often only necessary when doing things that require restart of the database, software and patch installation, or with backup/recovery scenarios, and is insanely overpowered for day-to-day uses. Depending on your version of Oracle, it is capable of bypassing many security features entirely, and is generally not safe to use within most scripts and applications for that reason. Use should be limited to things that only SYSDBA can do.
Additionally, the SYS user may not be allowed to connect over the network (you're using a TNS connection), as it is authenticated by the server operating system which implies local login only. That's why "sqlplus / as sysdba" works when you're logged in to the database server.
Consider the following:
If you must have actual SYSDBA privileges and nothing else will do, grant the SYSDBA role to another user and use that instead. As #Littlefoot suggested, never use the SYS or SYSTEM accounts for day-to-day administrative work, either on the server or remotely.
Never embed username and password in your scripts or application code, especially for an account that powerful. Use an Oracle Wallet to hold encrypted user credentials instead, or better yet prompt the user to enter them at runtime. Putting credentials like that directly in a script is a sure way to fail a security audit.
Follow the principle of least privilege and don't use a SYSDBA or DBA-role enabled account for anything else other than what you need those specific privileges to do (adding files, etc.). Use lesser accounts where possible.
When using privileged accounts like those with DBA or SYSDBA privileges over the network, you should encrypt all communications.
See these links for details:
https://pmdba.wordpress.com/2020/01/13/how-to-hide-oracle-passwords-in-a-script/
https://pmdba.wordpress.com/2014/10/16/database-account-password-storage/
There is a Postgres database that I connect to with SQLAlchemy.
I currently have the database's connection parameters (database name, host, port, username, password) all hard coded in the Python file. I want to change that.
I read here that one should store these parameters in environment variables. Of the five connection parameters, what should I store in environment variables?
Obviously I will store password, but should I additionally store username and host? What is the convention here?
Putting settings in environment variables isn't just about security. It's also about flexibility. Anything that's likely to change between environments is a good candidate to be put in environment variables.
Consider your database. Is it likely that the host, user name, and database name might be different on different environments? I suspect so. Many projects might use a database on localhost or on a Docker image called db in docker-compose.yml in development, and to use a dedicated database server or hosted database in production.
A common pattern is to encode your entire database connection string in a single environment variable DATABASE_URL. The format¹ is something like
<engine>://<user>:<password>#<host>:<port>/<database>
For example, you might use something like
postgres://db_user:password#localhost/app_db
Many database libraries, including SQLAlchemy can connect to databases using this single string directly.
¹This is a specialization on regular URL syntax.
Why hardcode anything? Just move all of these parameters to environment variables.
One of the way to do this will be as below from security point of view.
Assuming that we classify password as sensitive data and we want to encrypt only the password. Rest information can be either in environment variables or into the config files.
1) Have a random value based salt that is specific to the server generated at the time of encryption program invocation. This value is saved into file. Lets call it salt.bin
2) Change permission of the salt.bin file such that it is readable only operating system user which will run your program.
3) Have security personal/entrusted personal enter password to the encryption program and saved the encrypted value into a file. Lets call it db_config.bin.
4) Change permission of the db_config.bin file such that it is readable only by operating system user which will run your program.
Now during program execution time, let program read salt.bin file and db_config.bin file. Decrypt db_config.bin by using salt.bin. Program uses this password along with config files values for host, port, and other details to connect to database .
All of above can be accomplished with python.See here.