stackoom
  简体   繁体   中英

How do I authenticate QuestDb with database users

 原文  2021-02-27 11:03:01       database/ authentication/ questdb

Question

I'm considering using QuestDb for a small hobby project but I can't seem to wrap my head around how authentication is dealt with in QuestDb. I peeked at the Enterprise page and it almost looks like authentication is only available to enterprises.

The docs shows authentication for the Influxdb Line Protocol but nothing that resembles for example mysql and its database users.

How do I create database users and lock down QuestDb to only be used with the authenticated users/users with correct permissions?

1 answers

solution1
 0  2021-03-03 10:56:14

Authentication over InfluxDB line protocol was added as a feature request for this protocol only and ensures only that clients writing to QuestDB are authenticated before being allowed to send records to tables.

For authenticating over Postgres wire, there is the equivalent of host-based authentication , ie in Node.js this looks like:

const { Client } = require("pg")

const start = async () => {
  const client = new Client({
    database: "qdb",
    host: "127.0.0.1",
    password: "quest",
    port: 8812,
    user: "admin",
  })
  await client.connect()
  console.log("Connected")
}

start()

Only one database and one admin user is supported at the moment and you should keep in mind that anyone who can connect to the host using these credentials has database access and can read/write to tables on this host.

If you want to ensure your installation is locked down, you should at a minimum change the default connection credentials specified in the server configuration file ( server.conf ) such as changing the default username and password, and only enable the protocol(s) that you are reading and writing with.

Depending on where the installation is deployed, you could take steps beyond the QuestDB config itself and whitelist incoming / outgoing network connections (on EC2 for instance) to only allow connections coming from a specific IP, or within a VPC, for example.

If having multiple database users with role-based access is something you really need, feel free to open an issue with a feature request .

edit: It might be worth noting that you can also set the HTTP server to readonly mode which was discussed in another stackoverflow question

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I run QuestDB from IntelliJ? How do I safely allow my users to connect to my database? How do you email users that are in a database How do I allow multiple users to connect to my H2 database simultaneously? How do I create an effective mysql database design, where it stores different values for multiple users? How do I export an entire database from Oracle 10 and import it to Oracle 11.2.0 with all users? How do I find out which users are currently using an ms access database how do you get users to not access files in the database I need to authenticate against one db with python and openfire. How do I do this? How do you create Users in a non default database?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM