Menu
▾
▴
Re: [Slashcode-general] DBIx-Password: Access denied for virtualuser to database
|
From: Marc G. F. <sc...@hu...> - 2011-02-15 20:18:57
|
Okay, grantd that I may be missing something obvious, but you can only
have *one* connect string per virtual user, but as many virtual users as
you wish ... the code itself states, for instance:
sub connect {
my ($class, $user, $options) = @_;
return undef unless $virtual1->{$user};
my $self;
my $virtual = $virtual1->{$user};
return undef unless $virtual;
$self = DBI->connect($virtual->{connect}
, $virtual->{'username'}
, $virtual->{'password'}
, $virtual->{'attributes'}
);
return undef unless $self;
bless $self, $class;
$driver_cache{$self} = $user;
return $self;
}
Everything is key'd on the $user value ... so I can't have:
virtual_user haxlash with a connect string to mysql
*and*
virtual_user haxlash with a connect string to pgsql
I have to definte two seperate virtual users, one for myslq, one for pgsql
...
Again, unless I'm mis-reading the code, you can have as many virtaul Users
as you want, but each connect has to have a unique virtual user ...
On Tue, 15 Feb 2011, W. Scott Lockwood III wrote:
> You can have multiple entries.
> --
> W. Scott Lockwood III / US2009033817
> aDC Web Monkey / aRST Forsaken
> Cam Wiki Admin (Awakening)
>
> -----Original Message-----
> From: "Marc G. Fournier" <sc...@hu...>
> Sender: hax...@ha...Date: Tue, 15 Feb 2011 01:23:00
> To: Jamie McCarthy<ja...@mc...>
> Reply-To: hax...@ha...
> Cc: hax...@ha...<hax...@ha...>; sla...@li...<sla...@li...>
> Subject: Re: [Slashcode-general] DBIx-Password: Access denied for virtual
> user to database
>
> On Mon, 14 Feb 2011, Jamie McCarthy wrote:
>
>> It's not security through obscurity. Its cpan install directs you to
>> change the module's group, probably its owner, and set it
>> non-world-readable. It essentially is a way of bouncing mysql permission
>> issues up to the filesystem's security model, and it acts as a
>> convenient "address book" for your mysql users+passwords too.
>
> Sad thing is that its most likely more then most ppl will ever do / know
> ... hell, until George mentione issues and I looked into it, I didn't even
> know what file was written / created ... now, in my case, this seems to be
> an issue with the FreeBSD ports system hiding htis informaiton, but I
> don't recall any messages about permissions or what not :(
>
> But, that still doesn't address the issue that you are limited to a system
> where you can have but one username per database, unless I've missed
> something ... ? Now, from what I can tell, is it easy to add more
> databases, as each time you do a 'make install', it will re-gen the file,
> overwriting anything that was set before, you have to know / remember to
> re-add any of the old usernames ... or am I mistaken on t his?
>
> Slashcode has, IMHO, a relatively nice install system where you can
> install multiple sites from one installation directory ... but I cannot
> easily add a new username for a new site nearly as easy :(
>
>
>
>>
>> --
>> Jamie McCarthy
>> jmc...@th...
>> ja...@mc...
>> 269-267-2008
>>
>>
>> On Feb 14, 2011, at 6:23 PM, "Marc G. Fournier" <sc...@hu...> wrote:
>>
>>>
>>> Huh? When I install p5-DBIx-Password under FreeBSD. that is part of the
>>> install process ... which I think is one of hte most annoying perl modules
>>> as I've never been able to figure out how to "add users" without having to
>>> re-install the port ...
>>>
>>> But, looking at exactly what DBIx-Password is all about, this should be
>>> one of the easiest things to get rid of ... all it does is saves having ot
>>> create a db.conf file (or whatever we call it) to store userid/passwds in
>>> ...
>>>
>>> The funny thing is that it really is one of those 'security by obscurity'
>>> kinda things, as everything is stored plain text in the file:
>>>
>>> /usr/local/lib/perl5/./site_perl/5.10.1/DBIx/Password.pm
>>>
>>> But, there is one flaw in that module, which, altho not huge, can be
>>> annoying ... you can't have the same user connecting to different
>>> databases ... eerything is keyedd on teh username itself, so for each
>>> database, you literally need a distinct username ...
>>>
>>> I'll look into removing that requirement ... slowly figuring out how all
>>> this code works :)
>>>
>>> On Mon, 14 Feb 2011, George Taft wrote:
>>>
>>>> Whoa. I have to create a Password.pm file? That's not in the instructions.
>>>> What's the file for? Where does it go?
>>>>
>>>> On Mon, Feb 14, 2011 at 5:18 PM, Shane Zatezalo <sh...@lo...> wrote:
>>>> it's probably failing because you've not setup your Password.pm
>>>> file yet.
>>>> Create that, make install it, and I betcha it passes.
>>>>
>>>> On Feb 14, 2011, at 3:55 PM, Marc G. Fournier wrote:
>>>>
>>>>>
>>>>> What I'd be curious to know is why the test failed ... which test?
>>>> Can
>>>>> you download the source code from CPAN and do a build/install?
>>>>>
>>>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO
>>>>>
>>>>> Its the same version that I have installed here ...
>>>>>
>>>>> On Mon, 14 Feb 2011, George Taft wrote:
>>>>>
>>>>>> While this is not a verbatim log of my effort to install under
>>>> CentOS, it's
>>>>>> a list of the commands I issued. Finally at the bottom are the
>>>> errors I
>>>>>> encountered. Reissuing the MySQL commands seemed to fix the first
>>>> problem,
>>>>>> but the second still stands. == George
>>>>>>
>>>>>> yum update
>>>>>>
>>>>>> yum install make
>>>>>>
>>>>>> yum install lynx
>>>>>>
>>>>>> yum install gcc
>>>>>>
>>>>>> yum remove perl
>>>>>>
>>>>>> lynx http://www.cpan.org/src/stable.tar.gz
>>>>>>
>>>>>> cd /tmp/perl[dir]
>>>>>>
>>>>>> sh Configure -de
>>>>>>
>>>>>> make
>>>>>>
>>>>>> make test
>>>>>>
>>>>>> make install
>>>>>>
>>>>>>
>>>>>> yum install mysql-server
>>>>>>
>>>>>> /sbin/chkconfig --levels 235 mysqld on
>>>>>>
>>>>>> yum install mysql-devel # what about "mysql-client"
>>>>>> that misterorange.com refers to? it doesn't seem to exist any
>>>>>> more. Is this step still necessary?
>>>>>>
>>>>>>
>>>>>> mysql.i386 0:5.0.77-4.el5_5.4
>>>>>>
>>>>>>
>>>>>> nano /etc/my.cnf [add "timezone=GMT" to end of file]
>>>>>>
>>>>>>
>>>>>> service mysqld start
>>>>>>
>>>>>> mysql
>>>>>>
>>>>>> create database xlash;
>>>>>>
>>>>>> grant select, insert, update, delete, lock tables, create,
>>>>>> drop, index, alter on slash.* to 'xlash'@'localhost'
>>>> identified
>>>>>> by 'haxlash';
>>>>>>
>>>>>> grant process on *.* to 'xlash'@'localhost' identified by
>>>>>> 'haxlash';
>>>>>>
>>>>>>
>>>>>> /usr/local/bin/perl -MCPAN -e "install q{LWP}"
>>>>>>
>>>>>>
>>>>>> lynx
>>>> http://mirrors.axint.net/apache//httpd/apache_1.3.42.tar.gz
>>>>>>
>>>>>> cd /tmp; tar -xvzf
>>>>>>
>>>>>>
>>>>>> lynx http://perl.apache.org/dist/mod_perl-1.31.tar.gz
>>>>>>
>>>>>>
>>>>>> perl Makefile.PL apache_src=/tmp/apache_1.3.42/src/ do_httpd=1
>>>>>> use_apaci=1 perl_mark_where=1 everything=1
>>>>>> apache_prefix=/usr/local/apache
>>>>>>
>>>>>> make
>>>>>>
>>>>>> make test
>>>>>>
>>>>>> make install
>>>>>>
>>>>>>
>>>>>> yum install zlib-devel [already installed]
>>>>>>
>>>>>> yum install openssl-devel [already installed]
>>>>>>
>>>>>> yum install perl [already installed]
>>>>>>
>>>>>> yum install cpio [already installed]
>>>>>>
>>>>>> yum install expat-devel
>>>>>>
>>>>>> yum install gettext-devel
>>>>>>
>>>>>>
>>>>>> rpm-Uvh
>>>> http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noa
>>>>>> rch.rpm
>>>>>>
>>>>>> yum repolist [should show EPEL repo]
>>>>>>
>>>>>> yum install git git-daemon
>>>>>>
>>>>>> git clone git://github.com/lottadot/haxlash.git haxlash
>>>>>>
>>>>>> cd haxlash
>>>>>>
>>>>>> git checkout HEAD
>>>>>>
>>>>>>
>>>>>> cpan
>>>>>>
>>>>>> install Bundle::CPAN
>>>>>>
>>>>>> quit
>>>>>>
>>>>>> cpan
>>>>>>
>>>>>> install Bundle::LWP
>>>>>>
>>>>>>
>>>>>> install Bundle::Slash [again]
>>>>>>
>>>>>>
>>>>>> Failed during this command:
>>>>>> KROW/DBIx-Password-1.9.tar.gz : make_test NO
>>>>>> MARCLANG/ParallelUserAgent-2.57.tar.gz : make_test NO
>>>>>>
>>>>>>
>>>>>> DBI connect('database=xlash;host=localhost','xlash',...)
>>>> failed:
>>>>>> Access denied for user 'xlash'@'localhost' to database 'xlash'
>>>>>> at blib/lib/DBIx/Password.pm line 31
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Feb 14, 2011 at 12:05 PM, Marc G. Fournier
>>>> <sc...@hu...> wrote:
>>>>>> On Mon, 14 Feb 2011, Jamie McCarthy wrote:
>>>>>>
>>>>>>> On Feb 14, 2011, at 10:32 AM, Marc G. Fournier wrote:
>>>>>>>
>>>>>>>> On Mon, 14 Feb 2011, George Taft wrote:
>>>>>>>>
>>>>>>>>> I've tried, and it still fails, just like it does at Perl
>>>>>> Monks:
>>>>>>>>> <http://www.perlmonks.org/bare/?node_id=758739>. I wouldn't
>>>>>> know how to
>>>>>>>>> write/install a replacement for the functionality of
>>>>>> ParallelUA
>>>>>>>
>>>>>>> FWIW...
>>>>>>>
>>>>>>> LWP::UserAgent::Parallel is only used by checkForOpenProxy().
>>>>>> That's the
>>>>>>> function that scans a few common HTTP proxy ports on the
>>>>>> current user's
>>>>>>> IP address to see if that IP is running an open proxy, and if
>>>>>> so, limits
>>>>>>> access in some way. As I recall, you can't post anonymously
>>>>>> from a proxy
>>>>>>> or something like that.
>>>>>>>
>>>>>>> It's been moderately-helpful on Slashdot, but it's not an
>>>>>> absolute
>>>>>>> necessity or anything. If you want, strip out that function
>>>>>> and calls to
>>>>>>> it, delete Slash::Custom::ParUserAgent, and remove L::U::P
>>>>>> from the list
>>>>>>> of install requirements.
>>>>>>
>>>>>> Since I know it is working, rather try and debug it and keep the
>>>>>> functinality :)
>>>>>>
>>>>>> ----
>>>>>> Marc G. Fournier Hub.Org Hosting Solutions
>>>> S.A.
>>>>>> sc...@hu...
>>>> http://www.hub.org
>>>>>>
>>>>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664
>>>> MSN:sc...@hu...
>>>>>>
>>>>>> ---------------------------------------------------------------------------
>>>>
>>>>>> ---
>>>>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel
>>>> Studio
>>>>>> XE:
>>>>>> Pinpoint memory and threading errors before they happen.
>>>>>> Find and fix more than 250 security defects in the development
>>>> cycle.
>>>>>> Locate bottlenecks in serial and parallel code that limit
>>>> performance.
>>>>>> http://p.sf.net/sfu/intel-dev2devfeb
>>>>>> _______________________________________________
>>>>>> Slashcode-general mailing list
>>>>>> Sla...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> ----
>>>>> Marc G. Fournier Hub.Org Hosting Solutions
>>>> S.A.
>>>>> sc...@hu...
>>>> http://www.hub.org
>>>>>
>>>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664
>>>> MSN:sc...@hu...
>>>>>
>>>>> ---------------------------------------------------------------------------
>>>> ---
>>>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel
>>>> Studio XE:
>>>>> Pinpoint memory and threading errors before they happen.
>>>>> Find and fix more than 250 security defects in the development
>>>> cycle.
>>>>> Locate bottlenecks in serial and parallel code that limit
>>>> performance.
>>>>> http://p.sf.net/sfu/intel-dev2devfeb
>>>>> _______________________________________________
>>>>> Slashcode-general mailing list
>>>>> Sla...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>>>>
>>>>
>>>>
>>>>
>>>
>>> ----
>>> Marc G. Fournier Hub.Org Hosting Solutions S.A.
>>> sc...@hu... http://www.hub.org
>>>
>>> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
>>>
>>> ------------------------------------------------------------------------------
>>> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>>> Pinpoint memory and threading errors before they happen.
>>> Find and fix more than 250 security defects in the development cycle.
>>> Locate bottlenecks in serial and parallel code that limit performance.
>>> http://p.sf.net/sfu/intel-dev2devfeb
>>> _______________________________________________
>>> Slashcode-general mailing list
>>> Sla...@li...
>>> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>>
>
> ----
> Marc G. Fournier Hub.Org Hosting Solutions S.A.
> sc...@hu... http://www.hub.org
>
> Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
>
----
Marc G. Fournier Hub.Org Hosting Solutions S.A.
sc...@hu... http://www.hub.org
Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:sc...@hu...
|
