I'm planning a multi tenancy app with nodejs and sequelize(mysql dialect). I'm gonna have a single app and multiple databases for each client. I'd need to connect to a client database after authentication (with passport.js). So there is a classic master database with clients info and db user,host and pwd, and then after the successful login the app connects to the specific client db. How could i do something like this? I was thinking to use sessions...maybe a middleware that for each request fetch the session and then passes the data to sequelize config object? Could anyone share with me how he/she manage to do something similar? I'm stuck in a logical trap ! Thank you
You're very close.
When you look up the user in your master db, in order to validate the username/password, you will also look up the connection string to the user-specific database. Then youu can create a simple express middleware function to open up the specific connection at the beginning of each request.
You will need usernames and passwords for the databases. For best security, they should not be the same as the users' usernames and passwords: If somebody cracks your web app and user table, you don't want them to have all the passwords.
But, what you propose is not classic multitenancy. Multitenancy is creating a single database, in which the various tables have columns mentioning which user they are for. Then once passport tells you the user's id, you can put it into your queries (for example, SELECT .... WHERE user_id = <<value>> AND ....
Your proposal will work tolerably well for a few dozen users. But what happens if you get tens of thousands of users? That will be a lot of separate databases.
Related
I am trying to setup ejabberd as IM solution for my project, which will be mobile app + backend. I am using SQL auth (and SQL store for all modules also), using MSSQL via ODBC. I have some questions I didnt find answered in docs.
Do I understand correctly, that ejabberd is multi-tenant (since it can support multiple domains). If so, how are users assigned to particular tenant (domain)? In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
I want to create XMPP accounts on ejabberd automatically (user doesnt need to know anything about underlaying service) - do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
Create a new database for each vhost, and use the host_config option in ejabberd.yml to tell which database to use for each vhost:
https://docs.ejabberd.im/admin/configuration/#database-and-ldap-configuration
Or you can enable the new SQL schema, see https://blog.process-one.net/ejabberd-18-03/
do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
Both are acceptable. In the second case, there are chances that some task performed at account registration is missing in your server, but I don't remember any module that performs any task at account registration. So, it looks OK.
I am writing a multi-user-application in Delphi (Object Pascal).
I want to use either MySql, Oracle or PostgreSQL as database.
I have a table Users with a username and password column.
(I do not want to have seperate DB logins for each user)
Of course the application itself has to connect to the database and authorize users by the entered username and password combination.
Software like SAP, Sage or Social Networks would use the same approach, i would guess?
So the application has to know a DB login username and password to connect to the database and then check the Users table.
My question is:
Where do i save the DB login username and password for the application so it can check the Users table?
I do not want to hardcode it in the application as it can be easily accessed by reverse engineering and then used to directly connect to the database.
Honestly, your best approach is to follow best security practices around your server. You could use a salt, but the hash function will have to live on the server, too, and if a hacker has access to the server in the first place then it won't be long before they find the hash and pull the password.
I think efficient organization actually produces some security through obscurity. That is, put the DB connect credentials and string in a config file. Still, access to the application code will give a hacker the clues to get what they want, but it doesn't mean you shouldn't follow best coding practices.
Then, lock down your box. Work with your security team to make sure it isn't accessible by anyone they don't want accessing it.
I need to store data for each user in ejabberd.How can I do this ? I mean I need to add one more field to user table and I should update this data whenever.
How can I do this ?
This is what I am doing.
During registration process in my Android Chat application, I post data like the desired userid (jabberid), password, email, display name, gender, mobile etc. to my PHP API. The PHP code validates if userid already exists and if it doesn't then it creates the user first in an external mysql database, storing all the fields received in post, and then creates the real user in ejabberd by executing the ejabberdctl register command. There will be some permission issues executing the command inside apace\PHP which I successfully resolved using this answer here. Now I can access the user data using my PHP API.
The idea is that I am not overloading the mnesia database with rarely accessed or modified data. IMHO, this helps if you don't want to switch ejabberd to odbc\mysql mode and lose potential benefits of mnesia or if you are planning to run mnesia in "RAM Only" mode. All this I am saying with limited knowledge of ejabberd, hence don't take my word as gospel.
I'm working on a bunch of cakephp apps that are all services that you have access to when you login to the main website. Each app will be hosted on a separate server, and there will be a separate login server as well.
Doing the research, I found Cakephp supports writing sessions to a database, http://blog.jambura.com/2011/08/24/should-i-use-database-for-storing-sessions-in-cakephp/
And also it supports having multiple database connections,
http://bakery.cakephp.org/articles/mithesh/2008/09/02/talking-to-multiple-databases-from-single-cakephp-application
So I was considering the possibility of storing the sessions on the login server, which the other websites all access, and then they all use their own databases for the rest of their data. It seems like it would be simple to implement, but I have concern that there would be too much reading and writing on the login server's database. Is there a way to optimize for this? Or should I do another approach entirely?
Try check useDbConfig property of model. Think, that it will be simpler if your sessions and users tables will be on the same database, then you will common user database and sessions. So, you will not require to implement SSO.
how to connect database table with the local username id and password of the system?. When user logs into the machine. opens up the software, he gets only the assets alloted to him. asset information is contained in the database table..anyone has any idea on how to implement this.I'm using mySQLdb with pyqt4.(creating an asset manager, user gets only the assets alloted to him )
As has been stated in the comments, the tables should not be any different between users. Also, there is no way to get the users password without them entering it again. And once you do have them enter it, you would have to use some method to authenticate them, such as checking it against an LDAP server.
Otherwise, if you simply want to base the delivery of database information of the current logged user and assume that them being logged in is enough of an authentication, you could simple get the login name with os.getlogin()
Most likely what you would just be doing is selecting on your table, data that has that username as matching criteria of some column. You wouldn't be using any sort of database-level authentication to filter the data. The authentication comes from some other earlier layer.
In pseudo-code: select * from assets where user is <result of os.login()>
With regards to the reason you are getting downvotes... People would like to see more context about your problem to understand the solution you are after. What is the structure of your database tables? Are you associating asset records with users? Is there a specific need for security or simply automatically identifying a user that is running the software? People on SO that take a little more time to outline their problem, the context, and what they have tried, tend to get better responses and upvotes.