
Default password option

Help
2008-05-02
2015-03-11
  • August Zajonc

    August Zajonc - 2008-05-02

    We've got phpPgAdmin behind a https:// server with certificate authentication.

    I remember there used to be an option for a default username and password in the config file, basically avoiding the need to log in through the web interface every time we want to access a server. Is that option still in phpPgAdmin? I've been going crazy trying to find it.

    PostgreSQL is set up with local trust authentication, so shouldn't pose a problem.

    Thanks!

     
    • Robert Treat

      Robert Treat - 2008-05-06

      Hmm... I don't remember any such feature, and I know we currently don't have it since we manually hack in the info on the demo servers (which is a pretty easy hack for anyone to do). Given the ability of browsers to save user account info these days, I'm guessing that's why we haven't seen much demand for it. 

       
    • Nobody/Anonymous

      There are now at least three of us asking for this feature (see also http://sourceforge.net/forum/message.php?msg_id=5097373).  Trying to figure out where to hack the code has given me a big headache.

      I have one client where all the people in IT need maintenance access to the tables in our database.  But, the IT Director likes to fire people regularly.  So, right now, trying to be secure requires a lot of manual work (e.g. create x users, grant permissions, etc. and then every time someone gets canned, delete that user... and when they get replaced, add a user, grant permissions, etc.).  The fact that we're giving a regular db password to the IT staff gives me the shivers.  The first time one of them gets pissed off, we're going to have a trashed mess of a database.

      I would much rather manage this properly by controlling permissions through a separate access system that protects phpPgAdmin and have phpPgAdmin itself just use a set user name and password to connect to the db.

       
      • Robert Treat

        Robert Treat - 2008-12-10

        This doesn't actually make sense. It sounds to me like the right way to manage this is by creating a role inside the database, and then creating individual user accounts that inherit that role. Then when you add/remove someone, you simply add/remove that role. 

        There is nothing more secure about managing usernames and passwords that allow access to a system that automatically logs in, and managing usernames and passwords to the system itself; all you have done is add a layer of abstraction, and I don't see why you think that is better.

        Note, all of this is orthogonal to the feature requested, which I think does have merit, we just need to figure out a good way to do it.  :-) 
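
The role-based setup described in the reply above, written out as PostgreSQL statements. This is an added example, not part of the original post; the names `appdb`, `it_maintenance`, `alice` and `bob` are hypothetical, the passwords are placeholders, and the syntax assumes PostgreSQL 9.2 or later.

```sql
-- Constructed example: database, role and user names are hypothetical.

-- 1. A group role that carries the privileges. NOLOGIN means nobody can
--    connect as the group itself, so there is no shared password to leak.
BEGIN;
CREATE ROLE it_maintenance NOLOGIN;
GRANT CONNECT ON DATABASE appdb TO it_maintenance;
GRANT USAGE ON SCHEMA public TO it_maintenance;
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO it_maintenance;
-- Tables created later by the current role get the same grants.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO it_maintenance;

-- 2. One login role per person. Each inherits the group's privileges,
--    and every connection is attributable to an individual.
CREATE ROLE alice LOGIN INHERIT PASSWORD 'placeholder-1' IN ROLE it_maintenance;
CREATE ROLE bob   LOGIN INHERIT PASSWORD 'placeholder-2' IN ROLE it_maintenance;
COMMIT;

-- 3. Someone leaves: cut access first, clean up afterwards.
BEGIN;
REVOKE it_maintenance FROM bob;   -- privileges are gone immediately
ALTER ROLE bob NOLOGIN;           -- no new connections
COMMIT;

-- Existing sessions survive NOLOGIN, so end them explicitly.
SELECT pg_terminate_backend(pid)
  FROM pg_stat_activity
 WHERE usename = 'bob';

-- DROP ROLE fails while the role still owns objects or holds grants.
-- Run the next two statements in each database bob touched, then drop.
REASSIGN OWNED BY bob TO it_maintenance;
DROP OWNED BY bob;
DROP ROLE bob;

-- 4. Audit: list who currently holds the group role.
SELECT m.rolname AS member, m.rolcanlogin
  FROM pg_auth_members am
  JOIN pg_roles g ON g.oid = am.roleid
  JOIN pg_roles m ON m.oid = am.member
 WHERE g.rolname = 'it_maintenance'
 ORDER BY m.rolname;
```
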

         
    • Nobody/Anonymous

      So, I got past the headache and created a simple modification that allows you to have phpPgAdmin automatically log in to a particular postgresql server.  I'm too lazy to create a login, but if you've got questions, you can undisguise my mail on the contact line below.

      /*
          Automatic Login
         
          (c) 2008 Tim Wood
          contact via: tmwood (at) datawranglers (dot) com
          You are free to use this code as long as this notice is retained
         
         
          Description
         
          This code allows you to configure phpPgAdmin to automatically log in
          to a particular server and database with a particular default password.
         
          Please ensure that you have taken other measures to secure phpPgAdmin
          because any user selecting a server will be logged in with the specified
          username and password.

          "Installation"
         
          Add this code into lib.inc.php (usually in libraries/)
          Insert it immediately after the ini_sets (approx line 75)

          Then, modify your config.inc.php file to add a password and username.
          The two keys are default_username and default_password.
          To add a default login of john and letMeIn to server 0:
             $conf['servers'][0]['default_username'] = 'john';
             $conf['servers'][0]['default_password'] = 'letMeIn';
            
      */

              if( isset( $_REQUEST['server'] ) ) {
                  // get the server info
                  $_server_info = $misc->getServerInfo($_REQUEST['server']);
                  // if a default username and password are set...
                  if( isset( $_server_info['default_username'] ) and
                      isset( $_server_info['default_password'] )            ) {
                    // fake out a login request with the default info                                            $_POST['loginServer'] = $_REQUEST['server'];
                      unset( $_POST['server'] );
                      $_POST['loginUsername'] =  $_server_info['default_username'];
                      $pswd_field = 'loginPassword_'.md5($_POST['loginServer']);
                      $_POST[$pswd_field] = $_server_info['default_password'];
                  }
              }

       
    • Nobody/Anonymous

      Let's try that again.  A couple of returns were mangled in my previous post:

      /*
          Automatic Login
         
          (c) 2008 Tim Wood
          contact via: tmwood (at) datawranglers (dot) com
          You are free to use this code as long as this notice is retained
         
         
          Description
         
          This code allows you to configure phpPgAdmin to automatically log in
          to a particular server and database with a particular default password.
         
          Please ensure that you have taken other measures to secure phpPgAdmin
          because any user selecting a server will be logged in with the specified
          username and password.

          "Installation"
         
          Add this code into lib.inc.php (usually in libraries/)
          Insert it immediately after the ini_sets (approx line 75)

          Then, modify your config.inc.php file to add a password and username.
          The two keys are default_username and default_password.
          To add a default login of john and letMeIn to server 0:
             $conf['servers'][0]['default_username'] = 'john';
             $conf['servers'][0]['default_password'] = 'letMeIn';
            
      */

              if( isset( $_REQUEST['server'] ) ) {
                  // get the server info
                  $_server_info = $misc->getServerInfo($_REQUEST['server']);
                  // if a default username and password are set...
                  if( isset( $_server_info['default_username'] ) and
                      isset( $_server_info['default_password'] )
                  ) {
                      // fake out a login request with the default info
                      $_POST['loginServer'] = $_REQUEST['server'];
                      unset( $_POST['server'] );
                      $_POST['loginUsername'] =  $_server_info['default_username'];
                      $pswd_field = 'loginPassword_'.md5($_POST['loginServer']);
                      $_POST[$pswd_field] = $_server_info['default_password'];
                  }
              }

       
      • fnkr

        fnkr - 2015-03-11

        Here is a gist of that code: https://gist.github.com/fnkr/51f0a92b9f0c658287ec
        I even removed 4 spaces from the indentation so the indentation level fits if you insert it into the lib.inc.php.

         
