I have a jdbc properties file with
database.username=mfuser
database.password=mfuser
If I changed this to user/pass --> sa/pass then my web application works perfectly but with mfuser it does. I have create a user in SQL Server Security with name mfsuer and password mfuser but it still not working....
How I need to create the user mfuser so that it works? Any special privileges I need to provide for this user? I want it same like sa
Here is the error I am getting with mfuser
org.springframework.dao.PermissionDeniedDataAccessException: PreparedStatementCallback; SQL [select lm.login_id,lm.login_name,lm.login_password,lm.full_name, lm.email_address,lm.phone,lm.notes,lm.delete_status,lm.create_date,lm.create_by,lm.modify_date,lm.modify_by FROM Login_Master lm where lm.login_id=(select lm1.login_id from Login_master lm1 where lm1.login_name=? and lm1.login_password =?) ]; The SELECT permission was denied on the object 'Login_Master', database 'MCData', schema 'dbo'.; nested exception is java.sql.SQLException: The SELECT permission was denied on the object 'Login_Master', database 'MCData', schema 'dbo'.
The user mfuser doesn't have enough privileges to alter data in your tables, schema or database. You should access to your SQL Server 2008 using the sa user and grant enough privileges to the mfuser.
Follow the steps in this post to get your problem solved.
Looks like that the user mfuser doesn't have access on table your application needs to access.
If you created the database schema using sa user you have to give access to mfuser.
Related
I am using virtual machine in which I have pre-installed Oracle 12c with pluggable database orcl. I need to enable log miner on that oracle in order to capture changed data. I have written a Java utility which reads redo logs of oracle and creates a log miner session and captures data. It usedto capture the data, but now it is unable to capture the data. Here is the set of commands I am using to enable log miner.
sqlplus sys/oracle#orcl12c as sysdba
shutdown immediate;
startup mount;
alter database archivelog;
alter database open;
ALTER SESSION SET CONTAINER=ORCL;
CREATE USER inventory IDENTIFIED BY oracle;
GRANT CONNECT TO inventory;
GRANT CONNECT, RESOURCE, DBA TO inventory;
CREATE TABLE inventory.customers(id number(10),first_name varchar2(20),last_name varchar2(20),email varchar2(20),modified_date timestamp);
ALTER SESSION SET CONTAINER=cdb$root;
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA (ALL) COLUMNS;
ALTER SYSTEM SWITCH LOGFILE;
ALTER SYSTEM SET db_recovery_file_dest_size = 50G SCOPE=BOTH SID='*';
CREATE USER c##cdc IDENTIFIED BY oracle CONTAINER=all;
GRANT create session, alter session, set container, select any dictionary, logmining, execute_catalog_role TO c##cdc CONTAINER=all;
ALTER SESSION SET CONTAINER=ORCL;
GRANT select on inventory.customers TO c##cdc;
ALTER SESSION SET CONTAINER=cdb$root;
EXECUTE DBMS_LOGMNR_D.BUILD(OPTIONS=> DBMS_LOGMNR_D.STORE_IN_REDO_LOGS);
sqlplus sys/oracle#orcl as sysdba
INSERT INTO inventory.customers VALUES (1,'NN','MM','nn#te',CURRENT_TIMESTAMP);
INSERT INTO inventory.customers VALUES (2,'NN','MM','nn#te',CURRENT_TIMESTAMP);
commit;
DELETE FROM inventory.customers;
commit;
Also, it is giving no error in Java utility. Can anyone help in resolving this?
I'm having a ton of trouble connecting to a dockerized postgres instance. The error I get looks like this:
Exception in thread "main" org.postgresql.util.PSQLException: ERROR: relation "prescriptions" does not exist
Position: 29
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2284)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2003)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:200)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:424)
at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:321)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:313)
Here are the steps to recreate the issue. First, I set up the database like so:
docker run -p 7654:5432 --name zoo_postgres -e POSTGRES_PASSWORD="stranger" -e POSTGRES_USER=stranger -d postgres
And run a setup script, that looks like this:
create DATABASE stranger;
create SCHEMA stranger;
CREATE TABLE prescriptions (
prescription_id BIGINT NOT NULL,
PRIMARY KEY (prescription_id)
);
CREATE USER stranger_user WITH ENCRYPTED password 'stranger_user';
grant CONNECT on DATABASE stranger to stranger_user;
grant USAGE on SCHEMA stranger to stranger_user;
GRANT SELECT ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT INSERT ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT DELETE ON ALL TABLES IN SCHEMA stranger TO stranger_user;
GRANT UPDATE ON ALL TABLES IN SCHEMA stranger TO stranger_user;
-- I've tried several variations of the line below, without any effect
ALTER USER stranger_user SET SEARCH_PATH to stranger,stranger_user,public;
On the Java side, the code is extremely simple and looks like the following:
public static void main(String[] args) throws Exception {
Class.forName("org.postgresql.Driver");
Connection connection = DriverManager.getConnection("jdbc:postgresql://localhost:7654/stranger","stranger_user", "stranger_user"); // this succeeds (suggesting the connection string is correct)
connection.setCatalog("stranger");
connection.setSchema("stranger");
Statement stmt = connection.createStatement();
stmt.execute("select prescription_id from prescriptions");
// code dies before getting to the close line.
connection.close();
System.out.println("Successfully connected using JDBC directly");
}
Setting the catalog and schema has no effect and neither does changing the search path. Everything is lower case, so I don't think it has anything to do with escaping the table names. I've tried using the real user (and skipping the user account), omitting the database name and several other tricks. I suspect that there's something wrong with the way that I'm connecting to the database, but I can connect to is using psql, like so:
% psql -h localhost -p 7654 -d postgres -U stranger_user
From this point, I can access the tables with normal sql:
% psql -h localhost -p 7654 -d postgres -U stranger_user
Password for user stranger_user:
psql (9.4.6, server 9.5.2)
WARNING: psql major version 9.4, server major version 9.5.
Some psql features might not work.
Type "help" for help.
postgres=> \d
List of relations
Schema | Name | Type | Owner
----------+---------------+-------+----------
stranger | prescriptions | table | stranger
(1 row)
postgres=> select * from prescriptions;
prescription_id
-----------------
(0 rows)
postgres=> select * from stranger.prescriptions;
prescription_id
-----------------
(0 rows)
I'm using the latest version of the postgres driver: "org.postgresql:postgresql:9.4+", and can't see anything else that would cause this issue. At this point I'm out of ideas and can't figure out what's wrong.
You're connecting with psql to port 7654, and then in your JDBC URL to port 6543. Also, you're connecting to the postgres database with psql, and the stranger database in your JDBC URL.
Could these differences be the source of the exception you're seeing?
https://jdbc.postgresql.org/documentation/94/connect.html
If you use pgAdmin or psql, and log in to server localhost:6543, database stranger with user stranger_user and password stranger_user, what do you see?
I expect that you see an empty public schema.
Running create DATABASE stranger does not make it the active database.
So, running create SCHEMA stranger will create that schema in the postgres database. It also won't make the new schema active.
So, running CREATE TABLE prescriptions will create that table in the public schema of the postgres database.
Of course, all that is not even in the PostgreSQL database instance/cluster served on port 6543, because you did all that on a different instance/cluster on port 7654.
So I'm trying to create a user in JDBC with
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306", "root", "password");
Statement statement = connection.createStatement();
String command = "create user 'username'#'localhost' identified by 'pass'";
statement.execute(command);
Every time I try to run this I get the error below.
java.sql.SQLException: Operation CREATE USER failed for 'username'#'localhost'`
This I log into mysql as root and the same thing happens. I try the same statement and get Operation CREATE USER failed for 'username'#'localhost'. So I then run FLUSH PRIVILEGES and I can then create the user. As soon as I run the program again though the same thing happens.
What is the cause of this and how can I fix it?
It indicate that the user already exists or did exist. Thats why you are getting error while creating it
You can try the following Steps-
Drop the user DROP USER 'username'#'localhost'
Flush privileges - FLUSH PRIVILEGES
then Create the user - CREATE USER 'username'#'localhost'IDENTIFIED BY 'Identification' or CREATE USER 'username'#'localhost'IDENTIFIED BY PASSWORD 'password'
I am working on a java application which will be deployed in the field and needs to connect to an sql database on my company's server.
What is the best practice for users logging in? I have salted and hashed my passwords, and from what I have read I should save the username/salt/hashed password in an sql database. This sounds fine and dandy, but the question becomes how do I get into the database to get the salt without the salt? The obvious answer is to create one account which logs in and only has access to the table of usernames and salts. This account then "authenticates" the user from that table or kicks them off the server.
Unfortunately, at least in my mind, this introduces a slew of additional security risks. The 'password' for the blanket use account would be available in the source of my java project, as well as any sql script to set up the server. To change that password would also mean a full update to anyone using the project. So, the question I am asking is this:
How can I prevent someone from logging into my sql server from outside of my java application with the credentials I have supplied to that application, or should I not be worried about it?
Here is what I am doing with the server setup file.
SET #OLD_SQL_MODE=##SQL_MODE, SQL_MODE='ANSI';
CREATE DATABASE PM;
USE PM ;
DROP PROCEDURE IF EXISTS PM.drop_user_if_exists ;
DELIMITER $$
CREATE PROCEDURE PM.drop_user_if_exists()
BEGIN
DECLARE foo BIGINT DEFAULT 0 ;
SELECT COUNT(*)
INTO foo
FROM mysql.user
WHERE User = 'Admin' and Host = '%';
IF foo <= 0 THEN
SET #query1 = CONCAT('CREATE USER "Admin"#"localhost" IDENTIFIED BY "',#PASS,'" ');
PREPARE stmt FROM #query1; EXECUTE stmt; DEALLOCATE PREPARE stmt;
CREATE USER 'ParkingManager'#'%' IDENTIFIED BY 'testpass';
GRANT CREATE ON PM.* TO 'Admin'#'%';
GRANT DROP ON PM.* TO 'Admin'#'%';
GRANT LOCK TABLE ON PM.* TO 'Admin'#'%';
GRANT ALTER ON PM.* TO 'Admin'#'%';
GRANT SELECT ON PM.* TO 'Admin'#'%';
GRANT UPDATE ON PM.* TO 'Admin'#'%';
GRANT SELECT ON PM.* TO 'ParkingManager'#'%';
GRANT UPDATE ON PM.* TO 'ParkingManager'#'%';
CREATE DATABASE PMUsers;
END IF;
END ;$$
DELIMITER ;
CALL PM.drop_user_if_exists() ;
DROP PROCEDURE IF EXISTS databaseName.drop_user_if_exists ;
SET SQL_MODE=#OLD_SQL_MODE ;
Thanks!
Edit: The company does not want a VPN. They say that it shouldn't be necessary because the server has SSL.
I have been trying to connect to Teradata
Class.forName("com.teradata.jdbc.TeraDriver");
String connectionString = "jdbc:teradata://xxx.xxxxxx.com/database=xxxxxx, tmode=ANSI, charset=UTF8";
String user = "Rocket512";
String password = "aui8mn5";
Connection conn = DriverManager.getConnection(connectionString, user, password);
Got the following
Exception in thread "main" com.teradata.jdbc.jdbc_4.util.JDBCException: [Teradata Database]
[TeraJDBC 14.10.00.17] [Error 8017] [SQLState 28000] The UserId, Password or Account is invalid.
at com.teradata.jdbc.jdbc_4.util.ErrorFactory.makeDatabaseSQLException(ErrorFactory.java:300)
at com.teradata.jdbc.jdbc.GenericLogonController.run(GenericLogonController.java:666)
at com.teradata.jdbc.jdbc_4.TDSession.<init>(TDSession.java:216)
I know that the host is specified correctly since i did not get UnknownHost Exception.
Also I have double checked my userid and password are correct.
I ran query suggested by #beni23 (thank you)
select *
from dbc.logonoff
where logdate >= date '2013-10-31'
Here is the result that I got
What is Bad Password? I used SQL Assistant with this very password and it works great. Why cannot i connect with Java?
LDAP Authentication failures will not be captured in DBC.LogOnOff as a Bad Password event because the authentication doesn't take place on the database.
Typically the error message you are receiving, The UserId, Password or Account is invalid., is indicative of the user account being locked on the database.
SELECT U.UserName
, U.ProfileName
, U.DefaultAccount
, COALESCE(P.MAXLOGONATTEMPTS, S.MAXLOGONATTEMPTS) AS MaxLogonAttempts_
, U.LockedCount
, U.LockedDate
FROM dbc.UsersV U
LEFT JOIN
dbc.ProfileInfoV P
ON P.ProfileName = U.ProfileName
CROSS JOIN
dbc.SecurityDefaults S
WHERE UserName = 'Rocket512';
If LockedCount is not 0 than a failed logon attempt has occurred since the last successful logon to the database.
If LockedDate is not NULL it represents the date which the account was last locked.
MaxLogonAttempts_ will tell you how many times you can attempt to logon using database authentication (TD2) before the account is locked.
A couple of things I would suggest:
Remove whitespace between the parameters of connectString
Put the User and Password parameters in the connectString
Using original code above modify the connectString to add: ,ACCOUNT=$AMRWRW&DrT&r which should match what is returned by the query in my response above (I have added DefaultAccount).
EDIT: 11/12/13
May I suggest you download Teradata Studio Express and attempt to make a connection to the same Teradata system using JDBC much like you are here in your code. This may help shed light on the parameters you need to specify in your connection string in order to make the connection successful. You should be able to setup your connection parameters in Teradata Studio Express the same as you have here in your code and see if it works.
Using LDAP as the logon mechanism for a user that has not been granted the explicit right to logon with a NULL password has resulted in the error message `The UserId, Password or Account is invalid.'. I received this the other day using a privileged account without changing my logon mechanism from LDAP to TD2.
What does the following SQL return?
SELECT *
FROM DBC.LogonRulesV
WHERE UserName = 'Rocket512';
It may not return anything, which is okay. This simply means you ability to logon with that userid from any host on the system has not been explicitly granted or revoked.
EDIT: 05/22/18
The “Bad Password” event for an externally authenticated user may will appear in the event log when the provided password and the what is stored on the directory server do not match. In certain scenarios you can verify this by using ldapsearch from the PDN to submit an inquiry directly to the LDAP directory. You can find more details about using this command in the Security Administration manual. I’ve discovered this trying to triage a problem with a subset of user accounts that fail to authenticate to the directory. I felt it would be appropriate to update this answer with more details as my lead in statement at the top is not 100% accurate.
The following might not give you a solution, but might point you in the right direction. I think you'll want to check the dbc.logonoff table in teradata through a console to make sure that your user is not locked or get an idea whether your driver is hitting teradata.
select *
from dbc.logonoff
where logdate >= date '2013-10-31'
Reading this article Troubleshooting Security: The UserId, Password or Account is invalid. we can see the typical reason of this error.
Cause: LOGMECH=LDAP is specified, and the username/password credentials
are redundantly provided in the both LOGDATA and as separate
connection parameters.
Solution: Identify LDAP users via LOGDATA, or
via separate username/password parameters, but not both
simultaneously.
So, you should check this case. May be you can get connection without user/password
Perhaps you might have more luck with:
String driver = "com.teradata.jdbc.TeraDriver";
String conUrl="jdbc:teradata://xxx.xxxxxx.com/database=xxxxxx,USER=Rocket512,PASSWORD=aui8mn5,tmode=ANSI,charset=UTF8";
Class.forName(driver);
Connection dbConn = DriverManager.getConnection(conUrl);
If that doesn't work make sure to use the latest jdbc driver.
I had similar error and followed all the suggestions given in here. My account was not locked and I was able to connect to the DB with the same username and password, via SQL assistance editor.
The solution worked for me was adding following line in the connection string: LOGMECH=LDAP.
You need to know the logon mechanism for your Teradata, or you can reach out to your DBA team, as I did. So your connection string will look something like this:
String connurl="jdbc:teradata://xx/database=xx,USER=xx,PASSWORD=xx,tmode=ANSI,charset=UTF8,LOGMECH=LDAP";