I am running Postgres 12 on Windows and have a .Net Core app which uses Dapper as an ORM:
The following query works fine:
var sql = "SELECT 1 FROM pg_roles WHERE rolname=#un"
var result = con.ExecuteScalar<int>(sql, new {un = "someuser"});
Now I'm trying to execute an sql statement that would create a role:
var sql = #"CREATE ROLE #un WITH LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION PASSWORD #pw";
con.Execute(sql, new {un = "someuser", pw = "somepass");
This query fails with the following exception: Npgsql.PostgresException: '42601: syntax error at or near "$1"'.
What am I missing here?
The name of a role is an identifier. You can not pass identifiers as parameters, you will need to concatenate the name as a constant value into the SQL string, so that you execute this:
var sql = #"CREATE ROLE someuser WITH LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION PASSWORD #pw";
con.Execute(sql, new {pw = "somepass");
I am not entirely sure sending the password as a parameter works either. You will need to test that.
Related
I have created a share and added that share to a reader account.
Now I have executed a create user statement there in the reader account i.e.
CREATE or replace USER client_test
PASSWORD = 'Client4321'
LOGIN_NAME = 'client'
DISPLAY_NAME = 'client test'
FIRST_NAME = 'client'
LAST_NAME = 'test'
EMAIL = 'mukul.kumar#gmail.com'
DEFAULT_ROLE = sysadmin;
This statement gets executed without any error and also I can see the user details under the account tab in snowflake UI
but still, when I am trying to login into this newly created user, there is an error of incorrect username or password coming up.
Is creating a user in a reader account not allowed or anything like there in snowflake?
I haven't found documentation on this as such. It will be appreciated if anyone helps me out with this.
The issue here is that the login_name is the one which should be used for logging in to the SF application. Use "client" and "Client4321" to login and it will be successful.
hi i forget admin password but i can connect to sql
i try to replace another user password to recover
but got this error:
the pass field is like this :
Are you looking for this?
UPDATE [my_users_table]
SET [pas] = CAST('newpass' AS VARBINARY(MAX))
WHERE [nam] = 'admin'
Open new window and try to set the password like this. Anyway, if the data is encrypted and then stored as binary, you will first need to get a valid encrypted binary before setting the new password.
UPDATE [my_users_table]
SET [pas] = 0x0DE3446D8F782E9B
WHERE [nam] = 'admin'
using (IDbConnection dbConnection = openConnection)
{
string uQuery = "INSERT INTO User (Email, UserName, Password)"
+ " VALUES(#Email, #UserName, #Password)";
dbConnection.Open();
dbConnection.Execute(uQuery, User);
}
I'm getting a sql exception: Incorrect syntax near the keyword 'User'. on the db.Connection.Execute statement. I get the same error even if I omit the User parameter of the statement. Am I doing the insert wrong?
User is a reserved work in SQL server. Wrap User between brackets as [User] to solve.
Reference Reserved Keywords in SQL Server: https://msdn.microsoft.com/en-us/library/ms189822.aspx
Hope this helps.
I am new to asp.net development
I develop login form with username and password
I finished off with my work but any how my login table has injected with sort of script as
username
"> </title><script src="http://it
password
"> </title><script src="http://it
I have written simple query as
SELECT * FROM user WHERE userid = 'admin' AND password = 'ms2012'
I thought some body has injected in a username and password textbox
But I don't understand how they did. Can anybody explain how they have updated it and what should I do to avoid it?
There are 3 basic things to consider if you want to the application to be secured from SQL Injection:
Paramterized Queries
Stored Procedures
Sanitizing all input data
I have a winforms (VB 2008) based app that I'm developing and I want to use custom roles for user access.
Application Layout:
I have a Main form that opens a login form when certain actions occur. The Login form intern uses an authentication class that I've created, to authenticate users and set access rights. On my Applications settings page, I have Authentication Mode set to Application-defined because I cannot use Windows Authentication in the environment where this will be deployed.
The application uses a MS SQL 2005 db and the 3 tables I'm using in the authentication process are the User_Account , User_Roles and User_Access tables. The combination of an account in the User_Account and the roles within the User_Roles table are the bases for the User_Access table. Using the User_Access table is how I assign access to the various functions within the application
Authentication Method:
To authenticate a user, I'm using the "My.User.CurrentPrincipal" (Code below) method. The My.User object works great and allows the use of "My.User.Name" property throughout the app when referring to the currently authenticated user.
Access Method:
In order to set the current users access levels I'm using a function within my Authentication class and passing in My.User.Name as a variable. The function uses a Dataset Table Adaptor and a Select Case statement inside a For loop to assign all the access levels for the user (Function code below).
My Problem:
This method of assigning access rights to a user does work but it's not persistent throughout the application as the My.User object is. I would like to find a way to create custom roles through the My.User object using its .IsInRole property. I would like to have these roles dynamically created using my User_Roles table.
This would allow the custom roles to be used throughout my application using the My.User.IsInRole("MyRole") syntax ...similar to how I'm currently able to use My.User.Name. Unfortunately the only roles I can currently validate against are the built in Windows type accounts (Adminisrator ...ect.).
I have found lots of information and examples related to ASP.Net as well as setting up Winforms Windows authentication but nothing so far directly related to my issue.
I think there's a way to accomplish this...but I have not been able to find it. Any help would be greatly appreciated!!
Thank you for your help!
'User Authentication example:
If Authenticate.CheckPassword(tbxUserName.Text, strPassword) Then
My.User.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(tbxUserName.Text), Nothing)
'Access assignment example:
Public Shared Function GetUser(ByVal strUsername As String) As Authenticate
Using UserAdapter As New dbUserTableAdapters.User_AccountsTableAdapter()
Dim UserTable As dbUser.User_AccountsDataTable = UserAdapter.GetByUser(strUsername)
Dim tempUser As New Authenticate() _
With {.ID = UserTable(0).id, _
.Username = UserTable(0).User_Name, _
.Password = UserTable(0).id}
Using AccessAdapter As New dbUserTableAdapters.User_AccessTableAdapter()
Dim AccessTable As dbUser.User_AccessDataTable = AccessAdapter.GetByUser(tempUser.ID)
For c As Integer = 0 To AccessTable.Rows.Count - 1
Select Case AccessTable(c).Role_Id
Case RoleType.SysAdmin
tempUser.AllowSysAdmin = True
Case RoleType.Maintenance
tempUser.AllowMaintenance = True
Case RoleType.ReportAll
tempUser.AllowRptAll = True
Case RoleType.ReportException
tempUser.AllowRptExceptions = True
Case RoleType.EventManagment
tempUser.AllowEventStart = True
Case Else
End Select
Next
Return tempUser
End Using
End Using
End Function
I think you need to implement a custom IPrincipal object which accesses your SQL table. Try this page.
Edit:
First, have a look at the definitions of IIdentity and IPrincipal. You'll note that IIdentity doesn't have a 'Role' property defined. They've chosen to implement an additional property called Role on their implementation of IIdentity (SampleIIdentity) and then they've used it from their implementation of IPrincipal. What I'm suggesting is that you implement your own Role property (which queries your existing table) and returns one (or an array) of a Role type you define yourself. Then in your implementation of IPrincipal, you can code IsInRole to query the new Role property. Hopefully that makes more sense that my rather skimpy answer.