Laravel database connections - laravel

I'm using Laravel 5. I see Laravel uses .env to connect to databases, for example DB_USERNAME and DB_PASSWORD, but I want to log in and use my username and password from my form to connect with those values from within my Oracle database, with a table named "dba_users" which has the user and password and some other fields.
I want to do that because each user has their own granted permissions (roles) to certain tables, thus Oracle would manage the user login permissions and not the .env DB_USERNAME.
Any ideas?
Thanks

The real term or question title for this would be "Dynamic Laravel Database Connections" on multi-tenant application. If you google about it you will find a lot of code like this: https://laracasts.com/discuss/channels/tips/set-up-dynamic-database-connection-globally

Related

Block users from logging in using their database accounts

I have the following business problem to solve in a big legacy application written in PL/SQL and Oracle Forms 6i:
Not allow users to log in using their database accounts.
The whole application has around 50 users who use their database accounts. The audit department doesn’t allow users to know their database account passwords.
Rewriting the application to use a new user rights logic (using a table like USERS, only 1 database user, etc.) is out of the question as it’s too much work.
I thought about the following solution to use the existing database users:
Create a table USERS with usernames and new passwords, and somehow use a proxy user. In a package the application will check if the provided password is in line with the table USERS, and then connect as 1 of the 50 database users – so all application logic and user rights can stay the same.
But there is one problem with this workaround – you can’t use „connect” in a package. So I can’t use it.
BEGIN
  IF p_in_user = USER2 AND p_in_pass = XXX THEN
    EXECUTE IMMEDIATE 'conn USER2/Password123'; -- doesn't work, using a proxy neither
  END IF;
END;
Does anyone have any ideas?
The audit department doesn’t allow users to know their database account passwords
You can use encrypted passwords.
Oracle allows the use of encrypted passwords through profile settings.
You can use a function to encrypt a clear password:
the clear password is given to the end user
and on the Oracle database the user account is created/changed with the encrypted password.
The user uses his/her clear password to log in, and during login Oracle converts this to an encrypted password for authentication.
Please confirm if this solution is OK, so I can post an example.

how to get user details using Oracle Apex LDAP authentication scheme

I am using Oracle Apex v5.1 and application is using LDAP authentication.
I have a separate 'Create new user' form in application which is inserting user details such as NT-IDs, privilege into a user table.
Whenever a user logs in to the application, the login password is taken care of by the LDAP directory.
I want to know whether there is any way to get user details such as full name, email address etc. from the LDAP directory instead of manual insertion into my user table.
What query can I use so that the user name/email ID is automatically inserted into the table once the user has been created in that Oracle Apex form?
Please help. Thank you.
You can connect to LDAP using PL/SQL APIs, as described by Tim
You could then construct a pipelined function around this to allow you to query using SQL.
For performance, you could create a materialised view on this query.
This technique was also described in a chapter of an APEX book co-authored with John Scott.

Laravel Multiauth: To be or Not to Be?

I am building an app and will need multi auth to work well. First, users that will log in as employees using table users with email and password. I'm using Voyager as backend and using roles and permissions. So far, so good. Now I have another kind of user: they are registered on an ERP and I reach them via WS using CPF (like the social security number) and password stored in ERP. Then I get them and record in a table all the data I need. It is working well too. Well, was working. For those users, I used the API route, just not to make a mess of my web routes file. Yesterday I ran php artisan make:auth and that's when things started to get crazy.
Every axios call now returns me an 'unauthorized' message because, obviously, they're not authenticated.
What would be better?
Refactor the Users login to use CPF instead of email, give a new role to those other API guys and make them pass through the web.php file like everybody?
Use a multiauth package?
Or anything else?
Please, help!
To me, a user is a user. It seems to be a common thing that if an application has more than one “type” of user, that developers instantly start creating multiple Eloquent models, then guards, then controllers, then views, and so on; and then find themselves in a mess when they need a route that can be accessed by more than one type of user.
Instead, elevate “type” to its own model and add it as a relation to your User model. If a user can only be of one type, then make it a one-to-many relation. If a user can have many roles, then make it a belongs-to-many relation. You then use authorization to determine whether a user can access a route based on the role(s) they have.

Kill duplicate Sessions on Server in Laravel 5.2

What is it about?
The database session driver now includes user_id and ip_address so you can easily clear all sessions for a given user.
What's the Problem
I checked this Article while reading what's new in Laravel 5.2
Is there any blog that clearly explains how to log out the duplicate sessions created using multiple IP addresses or through the same IP address using multiple browsers?
As far as I see there is no difficulty with that.
Sample data in this table looks like below:
So you have here user_id, browser and last activity timestamp. So if you want you can now add to cron for example running the following query:
select user_id, count(*) AS `total` FROM sessions GROUP by user_id HAVING count(*) > 1
This will give you users with multiple sessions and you'll be able to decide what to do with them. You can for example remove all sessions for those users or leave only the last one and remove all the others. It's up to you of course.
The moment you remove the record from the database, the user will need to log in again, so in the example above, if I removed my session for Firefox, I would need to log in again in Firefox to be logged in to my account.
EDIT
Be aware that by default there is no sessions table (because many users won't use database driver for sessions). To create this table you need to run:
php artisan session:table
The above command will create sessions migration
and then you need to run
php artisan migrate
to apply this migration into database
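The cleanup the answer describes (keep only each user's most recent session, remove the others), as an added example that is not part of the original answer. It uses Python's sqlite3 with constructed rows as a stand-in for the application's database; the column set is an assumption based on the fields the answer mentions. Guest sessions have a NULL user_id and a plain GROUP BY user_id puts them all in one group, so they are excluded here.

```python
import sqlite3

# Constructed sample rows: (id, user_id, ip_address, user_agent, last_activity).
SAMPLE_SESSIONS = [
    ("s1", 1, "203.0.113.10", "Firefox", 1000),
    ("s2", 1, "203.0.113.10", "Chrome", 1500),
    ("s3", 1, "198.51.100.7", "Chrome", 1200),
    ("s4", 2, "192.0.2.44", "Safari", 1100),
    ("s5", None, "192.0.2.90", "Firefox", 1300),  # guest, not logged in
    ("s6", None, "192.0.2.91", "Chrome", 1400),   # guest, not logged in
]

def make_db(rows=SAMPLE_SESSIONS):
    """Build an in-memory sessions table (assumed schema) with sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE sessions (
        id TEXT PRIMARY KEY, user_id INTEGER, ip_address TEXT,
        user_agent TEXT, payload TEXT NOT NULL DEFAULT '',
        last_activity INTEGER NOT NULL)""")
    db.executemany(
        "INSERT INTO sessions (id, user_id, ip_address, user_agent, last_activity)"
        " VALUES (?, ?, ?, ?, ?)", rows)
    return db

def users_with_duplicates(db):
    """The answer's query, restricted to logged-in users (user_id not NULL)."""
    return db.execute(
        "SELECT user_id, COUNT(*) AS total FROM sessions"
        " WHERE user_id IS NOT NULL GROUP BY user_id HAVING COUNT(*) > 1"
    ).fetchall()

def prune_duplicates(db):
    """Delete all sessions of each logged-in user except the newest one."""
    # A session is stale if the same user has a newer one; ties on
    # last_activity are broken by id so exactly one row survives per user.
    # Selecting ids first and deleting by id avoids MySQL's restriction on
    # subqueries that read the table being deleted from.
    doomed = db.execute(
        "SELECT s.id FROM sessions s WHERE s.user_id IS NOT NULL AND EXISTS ("
        "  SELECT 1 FROM sessions n WHERE n.user_id = s.user_id AND ("
        "    n.last_activity > s.last_activity OR"
        "    (n.last_activity = s.last_activity AND n.id > s.id)))"
    ).fetchall()
    with db:  # one transaction: either all stale sessions go or none do
        db.executemany("DELETE FROM sessions WHERE id = ?", doomed)
    return sorted(row[0] for row in doomed)
```

Users whose rows are deleted are logged out of those browsers on their next request, as the answer notes.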

cPanel /Host / Access to phpMyAdmin

I have a host and cPanel access but only one main user and password to cPanel.
I want to give someone access to phpMyAdmin but don't want to give that person my main user and password for cPanel.
Is there any way to give someone access to phpMyAdmin but not cPanel?
The phpMyAdmin which comes with cPanel (in the 3rdparty-directory) is apparently secured with the cpanel-authentication, so the answer is "no".
You could install your own phpMyAdmin (maybe it's even available in the script-center/one-click-installer) and set it up to directly authenticate on the MySQL-server with your custom MySQL-user or just let your user enter his credentials which you have supplied.
As I was looking for an answer to this question, I found the following method that did the job for me:
How to access phpMyAdmin directly from my domain?
This worked well for me, although I'm using a different hosting provider than Siteground.
Steps I followed:
Downloaded the phpmyadmin installation package. I found the appropriate version, as hosted on my server at sourceforge.net/projects/phpmyadmin/files/phpMyAdmin
Extracted the package.
Uploaded the files into a suitable folder. I used: public_html/phpmyadmin/
Now, via the direct URL [http://yourdomain.com/phpmyadmin] I can strictly grant access to a specific database, I have created in cPanel (using the specific user name + password).
Please note this extra security measure:
For additional security we would also recommend you to Password Protect the directory in which the tool is installed.
You cannot give direct access to your phpMyAdmin without providing direct cPanel access as well.
This is a security measure from cPanel as phpMyAdmin is known to be one of the most exploited PHP applications of all time. It is only available after you start your session by logging into cPanel.
A nice workaround for this is to do the following:
Create a MySQL User for the other person. Assign that MySQL User to your Database. Both of those are done through:
cPanel -> MySQL Databases
After that you need to allow access for the other person by adding his/her IP address in your Remote MySQL Connection - this is also a tool in cPanel.
After that the other person will be able to connect to your database without direct access to your cPanel or phpMyAdmin; it can be done using software like MySQL Workbench.
The cPanel user account has privileges to control all databases created under the cPanel account, and because phpMyAdmin in cPanel uses cPanel authentication, you are automatically redirected to the phpMyAdmin control page without being asked for login info.
Your goal can be achieved by changing the cPanel password without changing the MySQL user password.
You can do the following steps :
1 - Create MySQL user and add this user to database with full privs.
2 - Create new cPanel account Login through new account Change new cpanel
3 - user password through "Change Password" And un-check Allow MySQL password change.
4 - Click phpMyAdmin from the new cpanel account and you will be asked for login info
5 - Type the login info of the created mysql user in step1.
You can now login to the required database without old account cPanel info.
Another solution is to copy /usr/local/cpanel/base/3rdparty/phpMyAdmin to /usr/local/apache/htdocs and log in through http://ip/phpMyAdmin
Don't forget to change the auth_type in /usr/local/apache/htdocs/phpMyAdmin/config.inc.php to http or cookie
