From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | "Langley, Scott E" <slangley(at)scharp(dot)org> |
Cc: | "pgadmin-support(at)postgresql(dot)org" <pgadmin-support(at)postgresql(dot)org> |
Subject: | Re: Getting PgAdmin 4 in server mode to behave more like PhpPgAdmin? |
Date: | 2016-10-04 09:15:39 |
Message-ID: | CA+OCxozj8mgoMnf+waL=EuRoaZNKsEd--vF3PrBBRgfsPap7_A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
Hi
On Mon, Oct 3, 2016 at 10:00 PM, Langley, Scott E <slangley(at)scharp(dot)org> wrote:
> How would I go about getting PgAdmin 4 running in server mode to behave more
> like PhpPgAdmin where the configured database connections are set up once in
> the server's configuration, and individual database users only need to use
> their database credentials to connect, rather than requiring separate web
> login accounts?
>
>
>
> For example, one can edit the configuration file for PhpPgAdmin:
>
>
>
> phpPgAdmin/conf/config.inc.php
>
>
>
> to not require a login to the web server:
>
>
>
> $conf['extra_login_security'] = false;
>
>
>
> and define the configured databases like so:
>
>
>
> $conf['servers'][0]['desc'] = 'First Database';
>
> $conf['servers'][0]['host'] = 'pgserver1.mydomain.com';
>
> $conf['servers'][0]['port'] = 5432;
>
> $conf['servers'][0]['sslmode'] = 'allow';
>
> $conf['servers'][0]['defaultdb'] = 'template1';
>
>
>
> $conf['servers'][1]['desc'] = 'Second Database';
>
> $conf['servers'][1]['host'] = 'pgserver2.mydomain.com';
>
> $conf['servers'][1]['port'] = 5432;
>
> $conf['servers'][1]['sslmode'] = 'allow';
>
> $conf['servers'][1]['defaultdb'] = 'template1';
>
>
>
> Why would I want to do this?
>
>
>
> First, I don’t want to have to maintain two login accounts per user, and
> second, I want to pre-configure the database configurations for our
> less-savvy users in our controlled network environment.
>
>
>
> Would this functionality require substantial code changes to PgAdmin 4 or
> could it be achieved via an add-on module?
It would require substantial changes, as it is not the way pgAdmin 4
is designed to work. pgAdmin has it's own login mechanism so that a)
it isolates the database servers from direct attack (assuming they're
behind a firewall or similar), and b) to allow multiple users to have
their own sets of servers that they work with.
It's worth noting that we intentionally did not follow the phpPgAdmin
design in this regard.
> Note: If I turn on SERVER_MODE for PhpAdmin 4 after first running the setup
> for Desktop mode, all the web client sessions I point at the server attempt
> to use the same database user login. That certainly is not what I want for
> a multi-user application. This is with the server running as a web
> application in a Python environment. Perhaps it behaves differently when run
> as WSGI application under Apache?
I can see how that would be the case if you run under a server but in
desktop mode - in that case, there's no need to login to the
application, and pgAdmin will treat all users as the same person.
Running that way is highly insecure and should not be done.
Essentially, you've configured it to disable security.
To run securely you need to set SERVER_MODE = true, and then run
setup.py. That will create a default user and allow you to later add
more users. Each user account will have their own sets of servers etc.
independent of the others.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2016-10-04 09:23:20 | Re: pgAdmin4 - Query Tool stuck "Initializing the query execution!" on localhost |
Previous Message | Ashesh Vashi | 2016-10-04 09:10:10 | Re: pgAdmin4 - Query Tool stuck "Initializing the query execution!" on localhost |