Обсуждение: Getting PgAdmin 4 in server mode to behave more like PhpPgAdmin?

<div class="WordSection1"><p class="MsoNormal">How would I go about getting PgAdmin 4 running in server mode to behave
morelike PhpPgAdmin where the configured database connections are set up once in the server's configuration, and
individualdatabase users only need to use their database credentials to connect, rather than requiring separate web
loginaccounts?<p class="MsoNormal"> <p class="MsoNormal">For example, one can edit the configuration file for
PhpPgAdmin:<p class="MsoNormal"> <p class="MsoNormal">  phpPgAdmin/conf/config.inc.php<p class="MsoNormal"> <p
class="MsoNormal">tonot require a login to the web server:<p class="MsoNormal"> <p
class="MsoNormal">$conf['extra_login_security']= false;<p class="MsoNormal"> <p class="MsoNormal">and define the
configureddatabases like so:<p class="MsoNormal"> <p class="MsoNormal">$conf['servers'][0]['desc'] = 'First
Database';<pclass="MsoNormal">$conf['servers'][0]['host'] = 'pgserver1.mydomain.com';<p
class="MsoNormal">$conf['servers'][0]['port']= 5432;<p class="MsoNormal">$conf['servers'][0]['sslmode'] = 'allow';<p
class="MsoNormal">$conf['servers'][0]['defaultdb']= 'template1';<p class="MsoNormal"> <p
class="MsoNormal">$conf['servers'][1]['desc']= 'Second Database';<p class="MsoNormal">$conf['servers'][1]['host'] =
'pgserver2.mydomain.com';<pclass="MsoNormal">$conf['servers'][1]['port'] = 5432;<p
class="MsoNormal">$conf['servers'][1]['sslmode']= 'allow';<p class="MsoNormal">$conf['servers'][1]['defaultdb'] =
'template1';<pclass="MsoNormal"> <p class="MsoNormal">Why would I want to do this?  <p class="MsoNormal"> <p
class="MsoNormal">First,I don’t want to have to maintain two login accounts per user, and second, I want to
pre-configurethe database configurations for our less-savvy users in our controlled network environment.<p
class="MsoNormal"> <pclass="MsoNormal">Would this functionality require substantial code changes to PgAdmin 4 or could
itbe achieved via an add-on module?<p class="MsoNormal"> <p class="MsoNormal">Note: If I turn on SERVER_MODE for
PhpAdmin4 after first running the setup for Desktop mode, all the web client sessions I point at the server attempt to
usethe same database user login.  That certainly is not what I want for a multi-user application. This is with the
serverrunning as a web application in a Python environment. Perhaps it behaves differently when run as WSGI application
underApache?<p class="MsoNormal"> <p class="MsoNormal">Thanks.<p class="MsoNormal"><p class="MsoNormal">Scott Langley<p
class="MsoNormal">SystemsAnalyst/Programmer<p class="MsoNormal">Statistical Center for HIV/AIDS Research and Prevention
(SCHARP)<pclass="MsoNormal">Fred Hutchinson Cancer Research Center<p class="MsoNormal">Seattle, Washington<p
class="MsoNormal"> <pclass="MsoNormal">slangley@scharp.org<p class="MsoNormal">(206) 667-5117<p class="MsoNormal">Fax
(206)667-4812<p class="MsoNormal"> </div> 

Hi

On Mon, Oct 3, 2016 at 10:00 PM, Langley, Scott E <slangley@scharp.org> wrote:
> How would I go about getting PgAdmin 4 running in server mode to behave more
> like PhpPgAdmin where the configured database connections are set up once in
> the server's configuration, and individual database users only need to use
> their database credentials to connect, rather than requiring separate web
> login accounts?
>
>
>
> For example, one can edit the configuration file for PhpPgAdmin:
>
>
>
>   phpPgAdmin/conf/config.inc.php
>
>
>
> to not require a login to the web server:
>
>
>
> $conf['extra_login_security'] = false;
>
>
>
> and define the configured databases like so:
>
>
>
> $conf['servers'][0]['desc'] = 'First Database';
>
> $conf['servers'][0]['host'] = 'pgserver1.mydomain.com';
>
> $conf['servers'][0]['port'] = 5432;
>
> $conf['servers'][0]['sslmode'] = 'allow';
>
> $conf['servers'][0]['defaultdb'] = 'template1';
>
>
>
> $conf['servers'][1]['desc'] = 'Second Database';
>
> $conf['servers'][1]['host'] = 'pgserver2.mydomain.com';
>
> $conf['servers'][1]['port'] = 5432;
>
> $conf['servers'][1]['sslmode'] = 'allow';
>
> $conf['servers'][1]['defaultdb'] = 'template1';
>
>
>
> Why would I want to do this?
>
>
>
> First, I don’t want to have to maintain two login accounts per user, and
> second, I want to pre-configure the database configurations for our
> less-savvy users in our controlled network environment.
>
>
>
> Would this functionality require substantial code changes to PgAdmin 4 or
> could it be achieved via an add-on module?

It would require substantial changes, as it is not the way pgAdmin 4
is designed to work. pgAdmin has it's own login mechanism so that a)
it isolates the database servers from direct attack (assuming they're
behind a firewall or similar), and b) to allow multiple users to have
their own sets of servers that they work with.

It's worth noting that we intentionally did not follow the phpPgAdmin
design in this regard.

> Note: If I turn on SERVER_MODE for PhpAdmin 4 after first running the setup
> for Desktop mode, all the web client sessions I point at the server attempt
> to use the same database user login.  That certainly is not what I want for
> a multi-user application. This is with the server running as a web
> application in a Python environment. Perhaps it behaves differently when run
> as WSGI application under Apache?

I can see how that would be the case if you run under a server but in
desktop mode - in that case, there's no need to login to the
application, and pgAdmin will treat all users as the same person.
Running that way is highly insecure and should not be done.
Essentially, you've configured it to disable security.

To run securely you need to set SERVER_MODE = true, and then run
setup.py. That will create a default user and allow you to later add
more users. Each user account will have their own sets of servers etc.
independent of the others.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company