How to restrict Users to see only their databases where has access?

I need to restrict the list of database for our users in a SQL Instance In order to move forward this I revoked the view any database permission to the user desired. But I figured out that only applies for databases owners so if you have access to a database but noy like db_owner even if for this user you deny "view any database". Keep listed the database on the instance

I would like to know how I can restrict to the users to only see their databases where are owners and also databases where only have access.

USE [MASTER] GO DENY VIEW ANY DATABASE TO [MYACCOUNT] GO 

Block access to multiple files with .htaccess – RewriteRule and FilesMatch fail [closed]

I am trying to block access to specific files. Neither the RewriteRule or FilesMatch rules I have tried work on the live server, it serves the files as normal with status 200 OK (I’m expecting 404 Not Found).

The regex I am using for FilesMatch is (?:test|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html?). I have tested it at https://regexr.com/ and it is successful for

  • /readme.html
  • /wp-content/test.txt
  • /_test/test.txt

I have also tested the RewriteRule at https://htaccess.madewithlove.be/. It is successful for URL https://www.example.com/readme.html and https://www.example.com/wp-content/test.txt with .htaccess rule RewriteRule (?:test|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html?) - [R=404,NC,L].

I have seen the answer at https://stackoverflow.com/a/51132806/3204075 The following does not work for me, I still get 200 OK for readme.html and test.txt in the root directory.

<filesMatch "(readme\.html|test\.txt)">     Order Allow,Deny     Deny from all </filesMatch> 

Can anyone suggest why the following FilesMatch and RewriteRules appear to be ignored by Apache?

RewriteRule

RewriteRule (?:test|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html?) - [R=404,NC,L] 

FilesMatch

<FilesMatch (?:test|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html?)>   # since apache 2.4: Require all denied   Order Allow,Deny   Deny from all </FilesMatch> 

Environment

  • Cloudways
  • Nginx 1.19.8-0
  • Apache/2.4.25 (Debian)

Thanks,

Chris

Google Search Console says it crawled the website but the access logs show no google Bots access at all

Google Search Console tells me that it crawled the website last today (I requested a fresh crawling, as the last was some months ago.)

The crawling report tells me now it crawled it, last, today.

However, the server access logs show nothing related to google bots. I can see al kind of bots, linkdexbot, ZoominfoBot, etc etc, but no Googlebot at all

What am I missing? Is google not using any detectable bot anymore or are their reports false?

AAD users lose access to database after import

I googled for the last few days but I got a bit confused and I do not know how to proceed further. Also, I’m not a DBA and I was just faced with this situation for the first time. Using sqlpackage.exe I’m exporting a bacpac from a PRD DB and import it on another server to refresh the lower environments. The original database is contained. After I’m importing the new database, the contained database users and the AAD external ones lose access to the new database. I’m fixing the contained database user by updating its password with

ALTER USER [RandomUser] WITH PASSWORD='randomPassword' 

but I am not sure what to do with the AAD users. They have an external user created for them (the aad users are placed inside a group). So far my option is to drop the said user and recreate it

CREATE USER [sthRandom] FROM EXTERNAL PROVIDER 

but in order to do this, you have to be connected with an AAD user

Principal 'sthRandom' could not be created. Only connections established with Active Directory accounts can create other Active Directory users. 

I have to automate this whole process so I could use a service principal like this. I’m creating the service principal inside all the databases, but after refresh the user won’t exist anymore, or I create it in the PRD database too, but I can not use it to login anymore.

What other options do I have? Thanks

Access category within rss2_head hook?

Can I access the current category of a category feed with the rss2_head hook to add for example itunes tags?

Lets say I have wordpress.com/catx/feed I want to get acf field elements associated with this specific category.

Here is what I am trying to accomplish:

function itunes_head() {         $  category = get_the_category();         $  categories = get_category();         global $  post;         var_dump($  categories);         echo print_r($  post);         echo $  categories;         echo $  category; } add_filter( 'rss2_head', 'itunes_head' ); 

I am assuming that I somehow can retrieve the catx category here?

Access page in subfolder URL

Is it possible in WordPress to have a custom subfolder URL for a specific page?

For example:

I want to create a page called pizza and make it accesible from https://website.com/food/pizza

I know that a page is actually a custom post type (of type page) and it can be accessed via it’s slug (post_name field in the DB). But changing the slug to food/pizza is not working.

I could create a CPT that "lives" under the food folder. But I don’t like it as a solution.

Changes to server configuration option remote access are not supported in SQL Database Managed Instances

Having just set up our new SQL Server Managed Instance, restored a sample database for testing, and run Azure’s vulnerability assessment, it produces this high risk finding:

VA2120 – Features that may affect security should be disabled

The more SQL Server features and services you enable, the larger its surface attack area becomes, making your system more vulnerable to potential attacks. These fetures should be disabled unless it is absolutely needed in this environment.

Remediation Script:

EXECUTE sp_configure 'show advanced options', 1; RECONFIGURE WITH OVERRIDE; EXECUTE sp_configure 'remote access', 0; RECONFIGURE; EXECUTE sp_configure 'show advanced options', 0; RECONFIGURE; 

Turning to Google before doing anything, I found this Microsoft Docs article stating that (emphasis mine):

This topic is about the "Remote Access" feature. This configuration option is an obscure SQL Server to SQL Server communication feature that is deprecated, and you probably shouldn’t be using it.

Can anyone therefore please provide some clarity on the following?

  1. Why is it enabled given Microsoft’s description?
  2. Does it need to be enabled in Azure SQLMI? Because…
  3. When I run the remediation script I get this error:

Changes to server configuration option remote access are not supported in SQL Database Managed Instances.

Not able to access WP Admin, it says “Sorry, you are not allowed to access this page.”

All of a sudden we are not able to get to the admin panel of the website. Once I log into /wp-login.php it redirects me to the homepage or /wp-admin (depending on whether I visited wp-admin in logged out state or not)

WordPress version: 5.6.2

When it does redirect to /wp-admin I see:

"Sorry, you are not allowed to access this page."

My first guess was that someone (maybe another user with administrator access) changed the roles. That wasn’t the case, I confirmed by looking at the database tables and the users had the wp_capabilities that corresponded to being an admin.

Then I tried a bunch of other stuffs and none worked:

  1. Created a new user using wp_create_user, added administrator capabilities, logged into that account from a private browsing window. Same.

  2. Went to the WordPress git repo searched for where "Sorry, you are not allowed to access this page." appeared, it did at many places so I added random string of text in some files to see exactly which one, it came from the file wp-admin/includes/menu.php in the last lines:

    if ( ! user_can_access_admin_page() ) {

  3. I thought maybe user_can_access_admin_page() returned wrong information for some reason, so I used a page template to output some data like so

if ( current_user_can('administrator') ) {     echo "Yes, admin"; }  if ( user_can_access_admin_page() ) {     echo "Can access admin"; } else {     echo "Can't access admin"; } 

Both returned true, yet the check on menu.php fails. Not sure why.

  1. Replaced wp-admin and wp-includes folder with fresh copies downloaded from WordPress org.

  2. Renamed the theme and plugin folders to rule out the problem coming from a plugin or theme. Not the case, it still was the same.

  3. Checked the error log of Apache2 as well as enabled debugging log for WP to look for any related error, none found. Nothing special, all the usual PHP notices that I have seen before.

  4. At one point I noticed the SSL certificate expired a month ago (problem started yesterday though) so just to be sure I renewed that as well, still the same.

Anybody who have an idea on what might be wrong would be a great help!

Access Subdatasheet (plus sign) not showing in datasheet view form but shows in table or query

I want to show inside a form in datasheet view, the plus signs for viewing subdatasheet. I have tables properly linked, all is fine and I have subdatasheet set in table/query and it displays correctly and all information well linked.

I have a form based on that table/query that has the subdatasheet but when I open the form in datasheet view so that I can see the subdatasheet, this wont show up. The plus signs are not there.

I just want a form for looking up data, not for editing and subdatasheet view serves perfectly what I want to achieve but I don’t want to open tables or queries directly but inside a form.