The company I work for is starting development of a Django business application that will use MySQL as the database engine. I'm looking for a way to keep from having database credentials stored in a plain-text config file.
I'm coming from a Windows/IIS background where a vhost can impersonate an existing Windows/AD user, and then use those credentials to authenticate with MS SQL Server.
As an example: If the Django application is running with apache2+mod_python on an Ubuntu server, would it be sane to add a "www-data" user to MySQL and then let MySQL verify the credentials using its PAM module?
Hopefully some of that makes sense. Thanks in advance!
MySQL controls access to tables from its own list of users, so it's better to create MySQL users with permissions. You might want to create roles instead of users so you don't have as many to manage: an Admin, a read/write role, a read-only role, etc.
A Django application always runs as the web server user. You could change that to "impersonate" an Ubuntu user, but what if that user is deleted? Leave it as "www-data" and manage the database role that way.
Related
I am new in Django, python , and AWS. I register a user, and I can see the user in my Django admin deployed to AWS. After I write a new feature and 'eb deploy' to AWS. I can see the new feature, but the user I registered before disappear. Can any one help?
#zijila The database is not going to carry over. It is probably a SQLite database for testing purposes. You probably wiped that DB out when you deployed using AWS EB. You should set up a MySQL database in AWS using Aws RDS. add the connection string to that DB and create a new user. That way the user is persisted when you redeploy.
Tip: Try not to write in the answer field when you respond on StackOverflow. Use the comment.
I am reading the Tom Aratyn Book - Building Django 2.0 web application. I am on a basic level.
Before migrating my app to the database, he asks to create a database for our Django project. I didn't understand very well how to create this database, he didn't detailed the process. Follow what he says:
" Now that we have a model, we will need to create a table in our database that matches it. We will use Django to generate a migration for us and then run the migration to create a table for our movie model.
While Django can create and run migrations for our Django apps, it will not create the database and database user for our Django project. To create the database and user, we have to connect to the server using an administrator's account. Once we've connected we can create the database and user by executing the following SQL:"
CREATE DATABASE mymdb;
CREATE USER mymdb;
GRANT ALL ON DATABASE mymdb to "mymdb";
ALTER USER mymdb PASSWORD 'development';
ALTER USER mymdb CREATEDB;
I don't know where to type this line of code. Shell? I know his book uses the PostgreSQL database.
Thank you,
To execute commands on the database, you need some kind of client. If you have access to the database server bash, you can use the command line client psql.
For clients with a GUI, pgadmin is the most common. On the interface, you are able to open a window, in which you can insert the SQL commands.
We have a Python Flask app hosted on IIS 8 with Windows Authentication is turned on.
The ApplicationPool for this IIS app has Identity set to a Custom Account. Let's say for example,
super_usr
This account has SQL Authorization for the SQL Server Databases it is going to access.
Let's say a certain Local User is trying to access the Flask application.
local_usr
The Flask app is able to get the local user's name using
request.environ['REMOTE_USER']
The way PyODBC is used to connect to the database is it uses
TrustedConnection=yes
as a part of the SQL Connection String.
DRIVER={SQL Server};SERVER=XYZ;PORT=123;Trusted_Connection=yes;
So PyODBC opens the connection under the context of the super_usr and NOT the local_usr as IIS has super_usr running the Server.
Now we are looking for a way so that PyODBC opens connection as the local_usr. We don't want to ask the local_usr for their password and keep the Windows Authentication on.
This is for the purpose of having SQL Authorization for the Windows Authenticated User [local_usr] and not the Account running on IIS Application Pool [super_usr].
Is there a way in IIS when the SQL Server are not on the Same Box to authorize the authenticated user instead of passing a certain account to the Application Pool Identity?
Has anyone faced this problem before? And if yes, what's the ideal way to get around this?
Thanks in Advance.
I'm currently connecting to a Postgres db from a Python script and I'm using sqlalchemy with psycopg2:
postgresql+psycopg2://user:password#host:port/dbname[?key=value&key=value...]
This Python script is available to users, and the password is shown in clear text. How can I use an encrypted password instead?
Generally, this is done in a few different ways.
1. Hide your database behind a REST API
Basically, don't make the database directly accessible to users. Provide an interface like a REST API or something similar for users to interact with the database. The username and password are only stored on the server side.
2. Create another DB user with less privileges and only distribute that user.
Your postgres database can have multiple users. Don't give them the user and password for the db owner. Just create a user with less privileges (read-only maybe?) and distribute that user and password.
I am very new to django and web programming. Please excuse the dumb question. I want to create a web application with user authentication. I would like to create the application with django. What's better to store usernames and passwords in a msql database or LDAP on things like OpenLDAP, etc?
Djangos integrated auth system stores credentials in a database by default. You are free to use any custom authentication backend, look here for a start https://docs.djangoproject.com/en/dev/topics/auth/