保护乌鸦数据库 [英] Securing the Raven Database
问题描述
我试图限制对我们的RavenDB只有一个用户。改变设置来保护数据库后,我仍然可以访问RavenDB管理工作室,我不知道为什么。我跑RavenDB作为Windows服务,我使用的是建立573。
I'm trying to restrict access to our RavenDB to only one user. After altering the settings to secure the DB, I can still access the RavenDB management studio and I'm not sure why. I'm running RavenDB as a windows service, and I'm using build 573.
这是我的Raven.Server.exe.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="Raven/Port" value="*"/>
<add key="Raven/DataDir" value="~\Data"/>
<add key="Raven/AnonymousAccess" value="None"/> <!-- Settings are Get, All, None -->
<add key="Raven/Authorization/Windows/RequiredUsers" value="FS-6103\PrestoDatabaseUser"/>
<add key="Raven/MaxPageSize" value="2147483647"/>
</appSettings>
<runtime>
<loadFromRemoteSources enabled="true"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="Analyzers"/>
</assemblyBinding>
</runtime>
</configuration>
如果我只允许 FS-6103 \\ prestoDatabaseUser
,为什么我能仍然连接到管理远程工作室?我登录为我的Windows AD帐户。我甚至可以修改文档,而这正是我试图prevent。我缺少一个设置?
If I'm only allowing FS-6103\PrestoDatabaseUser
, why am I able to still connect to the management studio remotely? I'm logged in as my windows AD account. I can even modify documents, which is exactly what I'm trying to prevent. Am I missing a setting?
推荐答案
你说你是在构建573?这是很老了。按照释放记录它是在12/15/2011公布。有一个提交日期为2/22/2012 ,说的更改为授权返回403,如果用户不在组或用户名单的。这可能是你需要一个修复。
You say you are on build 573? That's very old. According to the release history it was published on 12/15/2011. There is a commit dated 2/22/2012 that says "Change Authorization to return 403 if user is not in group or users list". That's probably a fix that you need.
我想至少更新到最新稳定版本 - 1.0.960,看看您的问题仍然存在。
I would update to at least the last stable build - 1.0.960 and see if your issue persists.
如果您在生产环境中不是,现在是移动到2.0的好时机不稳定。
If you're not in a production environment, now would be a good time to move to 2.0 unstable.
这篇关于保护乌鸦数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!