I am having trouble logging in as admin when I switch to production. I get the following error:
BCryptPasswordEncoder - Encoded password does not look like BCrypt
I am guessing I would have to change the admin password directly in the database (table blc_admin_user), to an encrypted one? If so, what would it be?
Also I am hoping to use the same database created in development for production, I hope that is not an issue.
Note that I am using the default admin login (password: admin).
version 5.2.0-SNAPSHOT
Yes, you will need to encrypt the admin password with BCrypt and put that in the BLC_ADMIN_USER table. Here is the update script to do that:
UPDATE BLC_ADMIN_USER SET PASSWORD = '$2a$06$NtRCQoGXWEgBClwBO8b1AeBqIP1elvZNuZqR/57Yjfw4kV/M0vljG' WHERE LOGIN = 'admin';
Related
I am using kuzzle (2.6) as a backend to my app. I'd like to encrypt data stored to Kuzzle by the users of the app, and organize encryption keys separate from the database. The key holding entity (keyStore for short) should give keys only to users that are truly registered in the database, without becoming able to access the user data itself.
So I'm trying to pass, from the app, when the user is logged in, a <kuid> together with a corresponding <jwt> obtained e.g. via kuzzle.auth.login('local', {username: <username>, password: <password>}) to the keyStore via https. The keyStore should send the information to the Kuzzle database, where a Kuzzle plugin can verify the user exists. If Kuzzle confirms the identity of the user to the keyStore, the keyStore will hand out a key to the user such that the user can encrypt/decrypt its data.
In short:
Is there any way I can let a plugin validate that a given <jwt> and a given <kuid> belong to the same user? <username> and <password> would both not be available to the plugin.
Kuzzle core developer here.
Right now we don't have a public API to get the user linked to an authentication token.
Still, you can use the auth:checkToken API action to verify the token validity and the jsonwebtoken package used by Kuzzle to retrieve the user kuid from the token.
const { valid } = await app.sdk.auth.checkToken(token);
if (valid) {
const kuid = require('jsonwebtoken').decode(token)._id;
}
Anyway, that's an interesting feature and we will discuss it in our next product workshop.
I will update this answer accordingly.
I'm connecting to an external Oracle Database with the example function that can be found here
const oracledb = require('oracledb');
const connection = await oracledb.getConnection(
{
user : "hr",
password : mypw, // mypw contains the hr schema password
connectString : "mydbmachine.example.com/orclpdb1"
}
);
So, as you can see, my credentials would be 'exposed' to everyone who can access the code (maybe github repository or something).
Is there any way of hiding my username and password or making them confidential, or I just shouldn't worry about it?
Note: I'm using the oracledb node module
You could use .env, and access to it with process.env.
check here: https://nodejs.org/dist/latest-v8.x/docs/api/process.html#process_process_env
Store your database secrets encrypted in Secrets Manager or Parameter Store and have your app read them at runtime. Be sure to update the IAM role that your app uses so that it has IAM permissions to retrieve the credentials.
Note: for certain databases, Secrets Manager supports auto-rotation of credentials.
Choices include:
prompt for the password at runtime
pass the password in an environment variable
use kerberos and then use 'external' authentication in node-oracledb. All this is configured and enabled in code layers below node-oracledb, see the Oracle Database Security Guide.
use an Oracle Wallet and then use 'external' authentication in node-oracledb.
I am trying to setup a local database in a windows 10 computer, and grant access to my local windows-user. But when I try to access the database through my node-application I get the following error-message: error: password authentication failed for user "windowsuser" using the following db-url: postgres://localhost:5432/testdb
I am using the module "pg" to connect to the database, and everything works when I specify a username and password in the URL - but I want to connect using my windows credentials.
I have setup a superuser with the same name as my windowsuser:
CREATE ROLE windowsuser LOGIN
SUPERUSER INHERIT CREATEDB CREATEROLE NOREPLICATION;
And setup a database windowsuser as owner:
CREATE DATABASE testdb
WITH OWNER = windowsuser
ENCODING = 'UTF8'
TABLESPACE = pg_default
LC_COLLATE = ''
LC_CTYPE = ''
CONNECTION LIMIT = -1;
GRANT ALL ON DATABASE testdb TO windowsuser;
The windows user has no password, and I want to be able to just login with the current system user. Am I missing something essential here to get proper access?
I believe you cannot simply authenticate without a password. Have a look at the PostgreSQL doc here:
PostgreSQL: Documentation: 9.4: Authentication Methods
You will need to setup "Trust Authentication" instead of "Password Authentication".
19.3.2. Password Authentication
"PostgreSQL database passwords are separate from operating system user passwords. The password for each database user is stored in the pg_authid system catalog. Passwords can be managed with the SQL commands CREATE USER and ALTER ROLE, e.g., CREATE USER foo WITH PASSWORD 'secret'. If no password has been set up for a user, the stored password is null and password authentication will always fail for that user."
Is there a specific reason why you are opting to use a Windows system account, as well as no password?
using below code i am not able to login page. how i can validate user when i am using passwordFormat="Encrypted"
if (SPClaimsUtility.AuthenticateFormsUser(ctxUri, txtUserName.Value.Trim(), encodedPassword))
{
string strDirectLink = "/Pages/Home.aspx";
SPUtility.Redirect(strDirectLink.ToString(), SPRedirectFlags.Trusted, HttpContext.Current);
}
else
{
lblErrMsg.Text = "Invalid username. Please try again";
}
always code execute in else part and show "Invalid username. Please try again" message.
my CA+WP+STS web.config files
SPClaimsUtility.AuthenticateFormsUser does work for authenticating a user. You can check out it's use in the SharePoint 2010 FBA Pack, in MembershipRequest.cs.
https://sharepoint2010fba.codeplex.com
Make sure that you can login with that username and password from the SharePoint forms based login page first, to make sure that there's no issues with your membership web.config settings.
I generally don't recommend using 'encrypted' as a passwordFormat. It can be difficult to get to work, as you have to make sure the same key is used on all SharePoint servers, or it won't be able to decrypt the passwords.
I suggest using a passwordFormat of Hashed. It's more secure than encrypted, because it can't be decrypted to the original password. It also doesn't require having the same key setup on all servers.
I have developped a windows store app with C#,and I want to make my application keeps the login crediantials after the close of the application (like the Groove app after connexion and the close of the App,when I reopen it in an other time I get the application interface without putting login crediantials every time)
any explication in how to do that in universal apps please
thanks for help
Here's the solution to all your problems: https://msdn.microsoft.com/library/windows/apps/br227081
PasswordVault is the perfect place and the secure way to store your user credentials. It use the Windows Credential Manager and it allows you also to roam the credentials across devices, if this is the behavior you want to achieve.
Sample code:
// Create a new credentials set
var passwordCredential = new PasswordCredential("MyAppName", "username", "password");
// Stores the PasswordCredential in the PasswordVault
var passwordVault = new PasswordVault();
passwordVault.Add(passwordCredential);
// To later retrieve the credentials
var credentials = passwordVault.Retrieve("MyAppName", "username");
// To populate the Password property in the PasswordCredential
credentials.RetrievePassword();
it's a very common scenario.
You must use Storage folder to save all the data.
I recommend you save your file in json, serialize and Deserialize the data.
with this approach you can save the credentials of the user and when the user will open the app again you will need to check if there is a previous saved data( the login credentials) if yes you can skip the login page and navigate to the main page
https://msdn.microsoft.com/en-us/windows/uwp/files/quickstart-reading-and-writing-files