how to review who accessed the db in production - ruby-on-rails

our contract with a outsourced company fell apart, and they seemed to access the rails console in production. We have a backup, we are able to restore the data. But we need to make sure that who accessed the rails console.
development:
adapter: postgresql
encoding: unicode
database: xxxx-xxx
host: xxx.xx.xx.xx
pool: 5
username: xxxx
password: xxxx
in host if we change the ip, and give the appropriate user name and password, we will be able to connect to production data.
So is there a way, we can see the logs of who accessed the database through console?
ps: SSH into server is not possible as the passwords are changed recently.

So is there a way, we can see the logs of who accessed the database through console?
About the only log where this can be stored is your DB server log (in form of "open new connection from XXX.XXX.XXX.XXX"). That's as far as you can get, I think.
In any case, tracking rails console access doesn't make sense. Rails console can only access data if credentials in database.yml are valid. And if credentials in their database.yml are valid, they don't need the rails console to do all kinds of nasty things to your DB. They can just use psql directly or any other client.
Change DB credentials immediately.

Related

Inexperienced Rails User: Wanting to Connect PostgreSQL to Already Existing App: Server Will not Connect

Optional Background: Hello, I’m quite new to the services on google cloud..well, and web development in general (Let’s say my training thus far is less than 60 hours on the rails framework and I’m not used to MVC or using databases at all. “Good luck kid”, I know.) My task is to deploy a mostly-done rails app that runs on Heroku to Google app engine. The app “builds” (after using gcloud app deploy), but it won’t connect to any database. Some of the files for doing that that I think should be there are missing. Namely, the config/database.yml file.
I thought it would make sense to just learn with a tutorial how you even connect a database on Google to an already existing rails app. I know rails generally just sets you up with a sqllite system automatically. But how do I write my own database.yml file to work on google app engine? And later on, how do I import all the information from our prior database...questions questions
Question Starts Here So, I started following this tutorial on the google cloud shell:
Pg 1: https://cloud.google.com/ruby/getting-started/tutorial-app I started here.
Pg 2: https://cloud.google.com/ruby/getting-started/using-structured-data Got here and decided on postgresql as my choice
Pg 3: https://cloud.google.com/ruby/getting-started/deploy-postgres and ran into an error where it tells me to call $: rake db:migrate
Here is the error message:
:~/projects/Bookshelfapp/getting-started-ruby/2-postgresql$ rake db:create could not connect to server: Connection timed out
Is the server running on host "35.193.145.252" and accepting TCP/IP connections on port 5432?”
Am I not connected to the database at all? I'm looking at my database.yml file.
Here is the format I was supposed to follow:
postgresql_settings: &postgresql_settings
adapter: postgresql
encoding: unicode
pool: 5
username: postgres
password: secret123
host: 173.194.230.44
database: bookshelf
Here is how I went for it: My database.yml file:
postgresql_settings: &postgresql_settings
adapter: postgresql
encoding: unicode
pool: 5
username: postgres
password: [my password is here]
host: 35.193.145.252
database: bookshelf
development:
<<: *postgresql_settings
production:
<<: *postgresql_settings
test:
adapter: sqlite3
pool: 5
timeout: 5000
database: db/test.sqlite3
Here is where I found the username and password:
username and password page
And I picked this IP address for the host:
IP address page
What am I doing wrong with my life? I haven’t assigned a static IP address to the VM, but I don’t really understand why I would do that.
Could anyone offer any suggestions of what to check for. I spent quite a bit of time going back into early steps and trying to find where I might have misstepped, but my inexperience isn’t offering too many solutions. Even routes to understand this problem better conceptually might help. I am not sure if I don’t know how to use some tool or if I have a big concept missing.I have never done anything like this before.
This issue seems similar to the following past questions, but I'm not sure how much they match up with mine:
question 1
question 2
question 3
question 4
If that error appears, it means the virtual machine where the database is hosted is not being accessed correctly.
The IP address you need for connecting to the database is indicated when you use SSH to access the PostgreSQL instance you created with the launcher (check the IP address that appears under the Bitnami logo).
You also have to open the server port for remote access, in this case 5432, which can be done with this command:
sudo ufw allow 5432
If you don't have ufw installed in the virtual machine, use apt-get to get it.
After that, restart the server to apply the changes, just in case:
sudo /opt/bitnami/ctlscript.sh restart
Besides, the firewall rule indicated in the tutorial is not well prepared, you have to remove the target-tags part. That way, you will be able to connect to the PostgreSQL database and continue the tutorial.

Mysql2::Error Access denied for user

I have some rails applications on my mac and they work just fine.
I have just installed a new one that uses mysql2 gem, I am starting
the server but when I am visiting the application I am getting an
Access denied error.
I am trying to follow this solution
Mysql2::Error: Access denied for user 'test'#'localhost' to database 'depot_test'
I am logging in as a root user but when I am trying to create a new database I am getting an access denied error.
Changes in your config / database.yml the user name root. test user does not exist in MySQL. I think in your development environment should look like:
Example
development:
adapter: mysql2
database: depot_test
pool: 5
host: localhost
encoding: utf8
username: test
password:
Change username to root or create test user with privileges. Remember that Rails uses environments(test, development, production u other). In your case is depot_development or another name that is not equal to another environment.
I hope it helps you.

Rails, Postgres, EC2/AWS: Database Config Does Not Specify Adapter Error

I'm trying to connect my Rails app to an EC2 instance that contains a PG database. I've already checked with Navicat that I can connect to the database given the EC2 details. The issue is that when run locally the Rails app can't be viewed; it throws the error "database configuration does not specify adapter". A similar issue is thrown when I try a database migration. I haven't even tried to push this up to my Rails EC2 since it isn't working locally.
My database.yml file looks like this:
production:
adapter: postgresql
encoding: unicode
database: postgres
host: ec2-54-197-115-117.compute-1.amazonaws.com
pool: 10
port: 5432 (have both included and removed this line)
username: a database username for security
password: the password associated with that user
My gem files include the gem pg.
For the database name I just wrote what it had in Navicat, but perhaps there's an official name associated with it I should be using; if so, how would I find it? The host I got from the EC2 details. And the username and password were the ones I set with the postgres database via unix.
Thanks in advance for any insight!
Edit:
Fixed!
Fixed! I had forgotten to create an actual DB after setting up the PG; I changed the name in my database.yml file to reflect the new db name. Also, I needed to set on my Rails app environment directly (I thought Apache did this automatically w/Passenger) with "export RAILS_ENV=production". I thought it was still broken when I restarted my server and nothing had changed, but I just had to restart the console. Hope this helps someone else out too!

How does interacting with databases on different computers/far away work? (Ruby)

So, I'm fairly new to dealing with databases, and it makes sense to me when the database is on the local machine. But, how would I deal with a database that is far away/in a different computer? How is the connection set-up? How would I be able to tell Ruby to go toy with that database? I think SQLite is required to be on the local machine, but what about PostgreSQL or MySQL? I'm positive large projects require this sort of set-up with databases somewhere else and whatnot.
Also, this means teams should be able to all interact with the same database, correct?
I've tried finding articles and reading about it, but I can't seem to find any information about this.
In ruby on rails, we have a config/database.yml file where we can do database connectivity.
To connect to the remote system's database do:
1 - Give permission to your system to access the database of remote system
Grant all on databasename.* to username#ipaddress of your system identified by password
2 - Update the database.yml file
development:
adapter: mysql
database: databasename
username: username
password: password
host: ip of remote system
Configuring database.yml for your rails app
development:
adapter: mysql
database: development_database
username: root
password: [password]
host: localhost
test:
adapter: mysql
database: test_database
username: root
password: [password]
host: localhost
production:
adapter: mysql
database: production_database
username: root
password: [password]
host: localhost
Don't forget that these databases are not just files that the local program accesses -- they are servers in their own right, and the local program submits requests (select, insert etc) to them for the database server to process and return a result.
This also explains why multiple teams can access the same database -- the database server processes are just communicating with multiple programs at the same time (and the resolution of which program sees which data when they are all accessing and changing the same tables is one of the reasons why databases are so complex).
So the location of the database is only relevant in that it can take longer to send requests to, and retrieve results from, it over the network.

Heroku with AWS RDS: Are details in database.yml needed?

We're running a Rails app on Heroku and have it connected to a database on Amazon RDS. It works fine, the security zone is configured and the app is live.
Heroku requires you to provide a Database URL in the format of
mysql2://user:pass#rdsinstance.com/database
Since we're specifying the DB info in the add-on, what do we need to provide in the database.yml file, if anything?
Would the following suffice, or do we need even less than that? Maybe just the adapter name?
production:
adapter: mysql2
encoding: utf8
reconnect: false
pool: 5
Heroku automatically replaces the content of any database.yml file on deploy with the value of the shared database, normally stored in the SHARED_DATABASE_URL config variable.
I don't know if it's save to override that value. If you do it, you should be able to connect to the database from Rails without any additional effort.
If your app is working fine and you are just wondering what you need to write inside the default database.yml file, then you can put in whatever you want, Heroku will replace it in any case on deploy.

Resources