I am using virtual machine in which I have pre-installed Oracle 12c with pluggable database orcl. I need to enable log miner on that oracle in order to capture changed data. I have written a Java utility which reads redo logs of oracle and creates a log miner session and captures data. It usedto capture the data, but now it is unable to capture the data. Here is the set of commands I am using to enable log miner.
sqlplus sys/oracle#orcl12c as sysdba
shutdown immediate;
startup mount;
alter database archivelog;
alter database open;
ALTER SESSION SET CONTAINER=ORCL;
CREATE USER inventory IDENTIFIED BY oracle;
GRANT CONNECT TO inventory;
GRANT CONNECT, RESOURCE, DBA TO inventory;
CREATE TABLE inventory.customers(id number(10),first_name varchar2(20),last_name varchar2(20),email varchar2(20),modified_date timestamp);
ALTER SESSION SET CONTAINER=cdb$root;
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA (ALL) COLUMNS;
ALTER SYSTEM SWITCH LOGFILE;
ALTER SYSTEM SET db_recovery_file_dest_size = 50G SCOPE=BOTH SID='*';
CREATE USER c##cdc IDENTIFIED BY oracle CONTAINER=all;
GRANT create session, alter session, set container, select any dictionary, logmining, execute_catalog_role TO c##cdc CONTAINER=all;
ALTER SESSION SET CONTAINER=ORCL;
GRANT select on inventory.customers TO c##cdc;
ALTER SESSION SET CONTAINER=cdb$root;
EXECUTE DBMS_LOGMNR_D.BUILD(OPTIONS=> DBMS_LOGMNR_D.STORE_IN_REDO_LOGS);
sqlplus sys/oracle#orcl as sysdba
INSERT INTO inventory.customers VALUES (1,'NN','MM','nn#te',CURRENT_TIMESTAMP);
INSERT INTO inventory.customers VALUES (2,'NN','MM','nn#te',CURRENT_TIMESTAMP);
commit;
DELETE FROM inventory.customers;
commit;
Also, it is giving no error in Java utility. Can anyone help in resolving this?
Related
I'm having a ton of trouble connecting to a dockerized postgres instance. The error I get looks like this:
Exception in thread "main" org.postgresql.util.PSQLException: ERROR: relation "prescriptions" does not exist
Position: 29
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2284)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2003)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:200)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:424)
at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:321)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:313)
Here are the steps to recreate the issue. First, I set up the database like so:
docker run -p 7654:5432 --name zoo_postgres -e POSTGRES_PASSWORD="stranger" -e POSTGRES_USER=stranger -d postgres
And run a setup script, that looks like this:
create DATABASE stranger;
create SCHEMA stranger;
CREATE TABLE prescriptions (
prescription_id BIGINT NOT NULL,
PRIMARY KEY (prescription_id)
);
CREATE USER stranger_user WITH ENCRYPTED password 'stranger_user';
grant CONNECT on DATABASE stranger to stranger_user;
grant USAGE on SCHEMA stranger to stranger_user;
GRANT SELECT ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT INSERT ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT DELETE ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT UPDATE ON ALL TABLES IN SCHEMA stranger TO stranger_user;
-- I've tried several variations of the line below, without any effect
ALTER USER stranger_user SET SEARCH_PATH to stranger,stranger_user,public;
On the Java side, the code is extremely simple and looks like the following:
public static void main(String[] args) throws Exception {
Class.forName("org.postgresql.Driver");
Connection connection = DriverManager.getConnection("jdbc:postgresql://localhost:7654/stranger","stranger_user", "stranger_user"); // this succeeds (suggesting the connection string is correct)
connection.setCatalog("stranger");
connection.setSchema("stranger");
Statement stmt = connection.createStatement();
stmt.execute("select prescription_id from prescriptions");
// code dies before getting to the close line.
connection.close();
System.out.println("Successfully connected using JDBC directly");
}
Setting the catalog and schema has no effect and neither does changing the search path. Everything is lower case, so I don't think it has anything to do with escaping the table names. I've tried using the real user (and skipping the user account), omitting the database name and several other tricks. I suspect that there's something wrong with the way that I'm connecting to the database, but I can connect to is using psql, like so:
% psql -h localhost -p 7654 -d postgres -U stranger_user
From this point, I can access the tables with normal sql:
% psql -h localhost -p 7654 -d postgres -U stranger_user
Password for user stranger_user:
psql (9.4.6, server 9.5.2)
WARNING: psql major version 9.4, server major version 9.5.
Some psql features might not work.
Type "help" for help.
postgres=> \d
List of relations
Schema | Name | Type | Owner
----------+---------------+-------+----------
stranger | prescriptions | table | stranger
(1 row)
postgres=> select * from prescriptions;
prescription_id
-----------------
(0 rows)
postgres=> select * from stranger.prescriptions;
prescription_id
-----------------
(0 rows)
I'm using the latest version of the postgres driver: "org.postgresql:postgresql:9.4+", and can't see anything else that would cause this issue. At this point I'm out of ideas and can't figure out what's wrong.
You're connecting with psql to port 7654, and then in your JDBC URL to port 6543. Also, you're connecting to the postgres database with psql, and the stranger database in your JDBC URL.
Could these differences be the source of the exception you're seeing?
https://jdbc.postgresql.org/documentation/94/connect.html
If you use pgAdmin or psql, and log in to server localhost:6543, database stranger with user stranger_user and password stranger_user, what do you see?
I expect that you see an empty public schema.
Running create DATABASE stranger does not make it the active database.
So, running create SCHEMA stranger will create that schema in the postgres database. It also won't make the new schema active.
So, running CREATE TABLE prescriptions will create that table in the public schema of the postgres database.
Of course, all that is not even in the PostgreSQL database instance/cluster served on port 6543, because you did all that on a different instance/cluster on port 7654.
So I'm trying to create a user in JDBC with
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306", "root", "password");
Statement statement = connection.createStatement();
String command = "create user 'username'#'localhost' identified by 'pass'";
statement.execute(command);
Every time I try to run this I get the error below.
java.sql.SQLException: Operation CREATE USER failed for 'username'#'localhost'`
This I log into mysql as root and the same thing happens. I try the same statement and get Operation CREATE USER failed for 'username'#'localhost'. So I then run FLUSH PRIVILEGES and I can then create the user. As soon as I run the program again though the same thing happens.
What is the cause of this and how can I fix it?
It indicate that the user already exists or did exist. Thats why you are getting error while creating it
You can try the following Steps-
Drop the user DROP USER 'username'#'localhost'
Flush privileges - FLUSH PRIVILEGES
then Create the user - CREATE USER 'username'#'localhost'IDENTIFIED BY 'Identification' or CREATE USER 'username'#'localhost'IDENTIFIED BY PASSWORD 'password'
I am working on a java application which will be deployed in the field and needs to connect to an sql database on my company's server.
What is the best practice for users logging in? I have salted and hashed my passwords, and from what I have read I should save the username/salt/hashed password in an sql database. This sounds fine and dandy, but the question becomes how do I get into the database to get the salt without the salt? The obvious answer is to create one account which logs in and only has access to the table of usernames and salts. This account then "authenticates" the user from that table or kicks them off the server.
Unfortunately, at least in my mind, this introduces a slew of additional security risks. The 'password' for the blanket use account would be available in the source of my java project, as well as any sql script to set up the server. To change that password would also mean a full update to anyone using the project. So, the question I am asking is this:
How can I prevent someone from logging into my sql server from outside of my java application with the credentials I have supplied to that application, or should I not be worried about it?
Here is what I am doing with the server setup file.
SET #OLD_SQL_MODE=##SQL_MODE, SQL_MODE='ANSI';
CREATE DATABASE PM;
USE PM ;
DROP PROCEDURE IF EXISTS PM.drop_user_if_exists ;
DELIMITER $$
CREATE PROCEDURE PM.drop_user_if_exists()
BEGIN
DECLARE foo BIGINT DEFAULT 0 ;
SELECT COUNT(*)
INTO foo
FROM mysql.user
WHERE User = 'Admin' and Host = '%';
IF foo <= 0 THEN
SET #query1 = CONCAT('CREATE USER "Admin"#"localhost" IDENTIFIED BY "',#PASS,'" ');
PREPARE stmt FROM #query1; EXECUTE stmt; DEALLOCATE PREPARE stmt;
CREATE USER 'ParkingManager'#'%' IDENTIFIED BY 'testpass';
GRANT CREATE ON PM.* TO 'Admin'#'%';
GRANT DROP ON PM.* TO 'Admin'#'%';
GRANT LOCK TABLE ON PM.* TO 'Admin'#'%';
GRANT ALTER ON PM.* TO 'Admin'#'%';
GRANT SELECT ON PM.* TO 'Admin'#'%';
GRANT UPDATE ON PM.* TO 'Admin'#'%';
GRANT SELECT ON PM.* TO 'ParkingManager'#'%';
GRANT UPDATE ON PM.* TO 'ParkingManager'#'%';
CREATE DATABASE PMUsers;
END IF;
END ;$$
DELIMITER ;
CALL PM.drop_user_if_exists() ;
DROP PROCEDURE IF EXISTS databaseName.drop_user_if_exists ;
SET SQL_MODE=#OLD_SQL_MODE ;
Thanks!
Edit: The company does not want a VPN. They say that it shouldn't be necessary because the server has SSL.
I have a jdbc properties file with
database.username=mfuser
database.password=mfuser
If I changed this to user/pass --> sa/pass then my web application works perfectly but with mfuser it does. I have create a user in SQL Server Security with name mfsuer and password mfuser but it still not working....
How I need to create the user mfuser so that it works? Any special privileges I need to provide for this user? I want it same like sa
Here is the error I am getting with mfuser
org.springframework.dao.PermissionDeniedDataAccessException: PreparedStatementCallback; SQL [select lm.login_id,lm.login_name,lm.login_password,lm.full_name, lm.email_address,lm.phone,lm.notes,lm.delete_status,lm.create_date,lm.create_by,lm.modify_date,lm.modify_by FROM Login_Master lm where lm.login_id=(select lm1.login_id from Login_master lm1 where lm1.login_name=? and lm1.login_password =?) ]; The SELECT permission was denied on the object 'Login_Master', database 'MCData', schema 'dbo'.; nested exception is java.sql.SQLException: The SELECT permission was denied on the object 'Login_Master', database 'MCData', schema 'dbo'.
The user mfuser doesn't have enough privileges to alter data in your tables, schema or database. You should access to your SQL Server 2008 using the sa user and grant enough privileges to the mfuser.
Follow the steps in this post to get your problem solved.
Looks like that the user mfuser doesn't have access on table your application needs to access.
If you created the database schema using sa user you have to give access to mfuser.
The purpose is to send extra information to triggers like current user id from a web application. Since a connection pool is used, and same user id is used for all connections how do I pass the original web user id to trigger? It is a java based application.
If you can't touch the application code and the application itself does not pass this information to the database already, you're at an impasse. The only way to make that information available to back-end code is for the middle tier to pass it in.
Oracle provides a number of ways for applications to pass information from the middle-tier to the back end but the application has to be built to take advantage of them. The DBMS_APPLICATION_INFO package, for example, has a set_client_info procedure that allows the middle tier to pass in the name of the middle tier user that your back end trigger could query. You can also use Oracle contexts if you want a more general mechanism. Either of these approaches, however, realistically require that the Java application be written to pass this information to the back-end when connections are retrieved from the connection pool.
You can make use of proxy authentication to identify the users even with a ConnectionPool.
An example:
me#XE> #man proxy
[ P R O X Y A U T H E N T I C A T I O N ]
drop user application_user
drop user end_user
-- let's create the application user which all users
-- need to connect through.
-- This user is meant as the middle-tier-user in a
-- multi-tier setup.
create user application_user identified by application_user
-- create an end-user
create user end_user identified by end_user
quota unlimited on users
grant create session, create table to end_user
-- this is the clause to grant access to end_user.
alter user end_user grant connect through application_user
-- now, we can connect WITHOUT PASSWORD!
#connect application_user[end_user]/application_user
-- this should display "END_USER"
select user from dual
-- this should display "APPLICATION_USER"
column proxy_user format a30
select sys_context('userenv', 'proxy_user') proxy_user from dual
http://blogs.oracle.com/jheadstart/entry/using_proxy_authentication