I have created a Google Cloud Project MySQL database to use in conjunction with the Jdbc service provided by Google Apps Script. Everything went as planned with the connection. I am basically connecting as it does in the docs.
var conn = Jdbc.getCloudSqlConnection(dbUrl, user, userPwd);
I shared the file with another account and all of a sudden I am seeing a red error saying:
'Failed to establish a database connection. Check connection string, username and password.'
Nothing changed in the code, but there is an error. When I go back to my original account and run the same bit of code, there is no error. What is happening here? Any ideas?
Jdbc.getConnection works from both: my account and another account:
var conn = Jdbc.getConnection('jdbc:mysql://' + IP + ':3306/' + database_name, user, password)
I'm really confused because the recommended method did not work.
There are two ways of establishing a connection with a Google Cloud
SQL database using Apps Script's JDBC service:
(Recommended) Connecting using Jdbc.getCloudSqlConnection(url)
Connecting using Jdbc.getConnection(url)
Notes:
IP is a Public IP address from the OVERVIEW tab in your database console:
I've allowed any host when created a user:
I am not sure whether this question has been resolved or not, but let me add this answer.
I also faced the same problem but I found the resolution. What I did is:
First, go to the console.
https://console.cloud.google.com
Then, open IAM.
and add the account as a member and add this permission: "Cloud SQL Client".
I think this is a permission issue in your second account. Necessary information are missing in your question. But, the secound account, if run as a another user, won't necessarily have your sqlservice authorization. The permission,
https://www.googleapis.com/auth/sqlservice
Manage the data in your Google SQL Service instances
is required to use Jdbc.getCloudSqlConnection(url), while Jdbc#getConnectionUrl() just requires external link connection permission
https://www.googleapis.com/auth/script.external_request
I believe that you can only connect to sql instances owned by you with getCloudSqlConnection() which doesn't even require external connection permission. This method probably calls your sql instance internally.
References:
Jdbc#getCloudConnection
Jdbc#getConnection
Conclusion
To connect to any external service, you need external_request permission. But, You don't need that permission to connect to your own documents say, Spreadsheets owned by you/have edit access permission - through SpreadsheetApp.openByUrl(). I believe it's the same thing with Jdbc.getCloudSqlConnection(). It calls your Google sql internally - So, even if you grant external request permission, It won't work. What will work for this method is
Installable triggers (which runs as you).
Add the second account also as owner in GCP-IAM (may not work though) See this answer
I'd double-check once again all IP ranges which should be whitelisted. According to your description it worked fine in first account, probably in second account Apps Script uses another IP for connection, which was not whitelisted or whitelisted with some typo. Could you share screenshot how did you exactly whitelist the ranges from this article?
I have a GAS Add-On that uses a Google cloud dB. I initially set this up by:
Whitelisting Google Cloud IP ranges in my SQL instance
Getting the script.external_request scope approved for OAuth Consent screen
This all works great from GAS for the add-on, but I suspect that if this whitelist is not comprehensive and volatile (which I expect it is), I will see intermittent connectivity issues.
I recently added a Firebase web app that needs access to the same dB. I had issues, because Firebase does not conform to those Google IP ranges and does not expose its IP for whitelisting. So I had to create a socket layer connection as if Firebase was an external service.
Which got me thinking, should I put a socket layer in my GAS Add-On? But nothing in the GAS JBDC Class documentation indicates a socket parameter.
Which leads me to a question that was not really answered in this thread:
Does anyone know why Jdbc.getCloudSqlConnection(url) is the "Recommended" approach? The documentation seems to imply that because the IP whitelisting is not required, Jdbc.getCloudSqlConnection(url) is using a socket (or some other secure method) to connect to the dB?
It also seems silly that if that is the case, that I would need two have two sensitive scopes to manage a dB connection. I would rather not go through another OAuth const audit and require my users to accept another scope unless there is a benefit to doing so.
I am quite new in learning Networking and stuff related to Servers.
I have a question about FTP server security. Please forgive me if it is too simple.
I have signed up for FTP server and I uploaded a file. The URL of the file is
zanubvideos.ezyro.com/Shortest.mp4. And anyone, who have this URL can access my file anytime anywhere. And I think this has made my file insecure, Isn't it? Then how can we say that FTP is secure?
Please correct me if I am wrong.
install a Secure FTP Server on Windows using IIS. or
you can make FTP secure by using following methods :
1.Disable Anonymous Access
2.Enable Logging
3. Harden your ACLS.
4. Setup your FTP site as Blind Put
5.Enable Disk Quotas.
6.Use Logon Time Restrictions
7.Restrict Access by IP
8.Audit Logon Events
9.Enable Strong Password Requirement
10.Enable Account Lockout and Account Lockout Threshold
for more details visit Steps to a Secure FTP Server
We have set up an SMTP server using IIS Manager 6. The website is managed through IIS7. It will send emails to any external email address, but emails to our own domain never leave the queue! We verified that we are able to perform an NSLookup of our own domain from that box, and we can.
Has anyone ever seen this problem before? Any help is greatly appreciated.
Just for anyone's knowledge: It ended up being a messed-up MX record someone set up a long time ago.
I made a dumb mistake and am hoping someone is smart enough to help me out of it :)
Using CDOSYS to send email from VBSCRIPT on an old web site. Switched servers; new host requires using a specific IP address for outgoing mail server. My previous host required simply "localhost" I failed to change that for a particular page. Analytics show me the form was submitted and, you guessed it, I would really like to have the contents of that failed email.
It never registered within SmarterMail, so it isn't in the logs there... Could at least part of the info be stored away in a log file somewhere? I was able to access the site logs and determine the IP address of the user that completed the form if that helps.
Thanks for taking the time and for any ideas!
It is possible it's in the local SMTP server's "badmail" folder. If it's not there, you're out of luck.
I have an annoying problem.
On every machine on the network, browsing to our internal MS CRM URL works fine. However, if I log into the actual server itself and try to connect the same credentials just do not work. I get this error:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
I can't figure it out. They're on the same domain, everything should be fine. It's a big problem because there is an application running on the server that needs to connect to the CRM webservice - and fails.
Even with Basic Auth, I enter the username and password and it fails.
Any ideas?
You might be hitting the loopback security check. Read this KB article to see if you are, and how to disable it so things will work: http://support.microsoft.com/default.aspx?scid=kb;en-us;896861