Moved main DB to RDS, see sys_user in schema


#1

Hello DreamFactory,

Totally in love with this product!

I recently moved my dreamfactory database to RDS and fixed the configuration through database.config.php

The problem now is that I can see df_sys_user (and actually all of the schema files) in the DSP Console. What’s worse is that users can also query the REST API and pull the complete information from any of the files.

Did I make a configuration mistake, forget to clear something or is there another problem that may be causing this?

Thanks so much!

– APIManiac


#2

@APIManiac As far as the df_sys_* tables showing up in the table listing for other database connections to your “native” or RDS MySQL, this is due to your login credentials used for the other database service connection. In 1.7, enhancements were made to allow access to all schemas/databases allowed by the login credentials, prior to that, only the schema/database given in the connection information was accessible, which was deemed too restrictive for some users who wanted access based on what they actually setup for the given credentials, i.e. if the database user used in the service connection info has been granted access to other databases on the server, the service will show and give the allowed access to them.

The best way to fix your setup would be to tighten up the grants given to the user/password that you are using in each service connection info for the other databases in your server (which in my opinion should be done anyway). This protects your info at the database server directly, not relying solely on the DSP (which does add other layers of service access control). This should be easily accomplished by using phpMyAdmin or RDS’s interfaces.