How can we control the accesses to a SQL Server that has been deployed on customer site? Basically, we do not want user to log in the database server, even as sa, except through our application.
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
I have developed a program that required user to store information at their own machine (sql server express). So, i have included SQL Server 2005 Express Edition in the Prerequisites
When i try to deployed my program at test machine, the installer works fine, by installing the .net framework 2.0, then SQL Server 2005 Express Edition, then Finish.
When i tried to run on the test machine, my program showing me error "Open connection error". Well, i know somethings to do with my connection string,
Logically, i do not understand how this things works. my own developer machine contain Database Named "abc" with username and password "123456". The test machine do not contained any database nor username nor password. How can i fix this problem? I mean some code to perform this operation without end user knowledge.
We have few C# binaries that contains definition of CLR functions, and one stored procedure to install / create them in our database. Recently when dropping and recreating the CLR function using our stored procedure, it failed with below error:
Error/info returned: [Microsoft][ODBC SQL Server Driver][SQL Server]This server is Information Protection configured. Only the sql server web application can be used for this function. ([URL])[Microsoft][ODBC SQL Server Driver][SQL Server]The transaction ended in the trigger. The batch has been aborted.
Basically our stored procedure has standard steps to create asymmetric key for each of our C# binary and create login for that key and then grant unsafe assembly permissions to those logins.
It sets show advanced options, clr enabled, and ole automation procedures options. It then using create assembly (for each c# binary with permission_set = unsafe) and create function constructs to create clr functions in SQL server.
I have an SSIS package that executes in about 1:20min from Visual Studio on my local machine. While executing, my machine is somewhat unresponsive.
When I deploy the package to the database server -- the very same database server that I am accessing from my local machine -- the package executes but eventually hangs. It appears to be running out of memory, and I usually have to kill the process to get the machine to respond. While it's hanging, the machine is unresponsive to all users. The hardware (including memory) is identical between my local development box and the server.
How should I troubleshoot this? I've tried deploying the package to MSDB, file system, running from dtexec, and running from dtexecui. This is very frustrating!
I have a report deployed on reporting serice. I am using reporting web service. How can we call the report, assign parameters and execute it on a webpage
I am migrating from local to Dev,QA and Prod. I created a .dtsconfig file containing database connection strings to Dev database. What is the "location" on the Dev server where this .dtsconfig file nees to be deployed to??
I have written some SQL 05 CLR code that produces a single DLL file. I have specified that the code is 'Safe' e.g. it will not be carrying out any external assembly access or other file accesss.
The code simply contains some stored procedures that will update/instert etc data from the database.
The question is, how do I actually deploy the code to a a remote server? Do i simply take the DLL and use CREATE ASSEMBLY code to set it up?
Furthermore, are there any security issues i need to consider when i deploy the assembly given that I have already set up the security to be 'Safe' ? e.g. is there anyway that a database can be locked down so that CLR code would not run irrespective of the safe setting.
As far as I understand it, SQL CLR code is ran under the SQL Server service account, so does this mean that if this user is locked down the code would not run?
Any clarifications or extra info would be greatly appreciated.
Thanks for sharing your experiences here. In some cases, I've saved quite a bit of time. Unfortunately, I haven't found a solution for my current issue.
I'm using VS.NET 2005 and SQL Server 2005. My development computer is running Windows XP SP2. SQL Server 2005 database and reporting services are running on Windows 2003 Server.
My business requirement is to develop and deploy a report which takes rich text (RTF) stored in the database (datatype = TEXT) and converts it to an image at runtime using a custom assembly (source can be found here http://blogs.digineer.com/blogs/jasons/archive/2006/10/03/520.aspx). I am able to generate and view the dynamic image containing the RTF on my local (i.e., developer) computer both using the ReportManager web interface and using the Render method. When I deploy this to our test server, I end up with a broken link image.
To recap, I have taken the following steps.
Created custom assembly using VS.NET 2005 which converts RTF to bitmap image. Custom assembly has a strong name.
On local developer machine
Copied custom assembly to C:Program FilesMicrosoft Visual Studio 8Common7IDEPrivateAssemblies.
Modified C:Program FilesMicrosoft Visual Studio 8Common7IDEPrivateAssembliesRSReportDesigner.config to include a CodeGroup which grants FullTrust to custom assembly based on StrongNameMembership (NOTE: ReadMe.txt doesn't mention adding an entry to this file).
Modified C:Program FilesMicrosoft Visual Studio 8Common7IDEPrivateAssembliesRSPreviewPolicy.config to include a CodeGroup which grants FullTrust to custom assembly based on StrongNameMembership (NOTE: ReadMe.txt doesn't mention adding an entry to this file).
Modified report using VS.NET 2005 as follows
Added reference to custom assembly and System.Drawing.
Added image control with type=Database, MimeType=image/bmp, Value = call to custom assembly method; method is passed value of database field which contains RTF.
Deployed report.
Viewed report successfully both via HTML and via Render method of WebService using EXCEL as output format. HTML for image <IMG SRC="/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=ohj0pjaplbl5h255phlplz45&ControlID=883e299f22ca4413b398a024cec134b2&Culture=2055&UICulture=7&ReportStack=1&OpType=ReportImage&StreamID=ed4b4d3b-d54d-4043-9fea-1c06f153f9a1"/>
On local developer machine and server
Copied custom assembly to C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesReportServerin
Modified C:Program FilesMicrosoft SQL ServerMSSQL.3Reporting ServicesReportServer ssrvpolicy.config to include a CodeGroup which grants FullTrust to custom assembly based on StrongNameMembership (NOTE: source code indicates permissions should be granted based on UrlMembership).
Deployed report.
Viewed report unsuccessfully both via HTML and via Render method of WebService using EXCEL as output format. HTML for image <IMG SRC="" /> Initially, I got error messages when exporting to Excel along the lines of ,"data is missing" but these appear to have been resolved by granting permissions in .config files which we not mentioned in ReadMe.txt. I've have run out of things to try and am at my wits end. I am convinced the solution has something to do with permissions since this works on my computer but not on the server.
Thanks in advance for any thoughts or suggestions.
I have a package which completes in 3 minutes when ran from Visual Studio but when deployed to SSIS (same machine) it rans for more than 2 hours. What could be the reason for this?
Hello, We have successfully developed the reports on our testing machine with SQL Server 2000 Enterprise + Reporting Services 2000 Enterprise. Is there any problem if we deploy the reports to the production machine that runs SQL Server 2000 Standard and Reporting Services 2000 Standard?
In SSRS 2005, I have an assembly(dll) which is included in a report in order to retrieve data ( OdbcConnection) from database as special condition while the runtime of report. This assembly works FINE in the preview of VS development tools. But it is NOT working when deploying to server, it ONLY returns default value instead of database's value.
I am having a unique problem with the Reporting server. We are using SQL Server 2005 and we have a dedicated server for reports. I created a report for creating labels and it is workinf fine in my development environment (running it through Visual Studio) but goes way off while printing it from the reporting server. I wanted to check the rdl files in the server in which I deployed but could not find it. I would really appreciate if you can give me a solution by which label printing could be done without any problem in the server.
I am developing a mobile application with Visual Studio 2005 RTM. I created a .SDF database from scratch within the Server Explorer window. Based on the properties of the database, this is a version 3.0 DB. I then deploy the application to the Pocket PC 2003 SE Emulator and I receive an error when trying to open the database from my app. It's a very generic error:
System.SData.SqlServerCE.SqlCEException
I trap the error in my code, but there is no message in the exception object.
If I try to open it with Query Analyzer on the device, I get an error stating "The file is not a valid database file". It appears that SQL CE 2.0 was deployed to the emulator.
I noticed that when I add a reference in my project to the System.Data.SQLServerCE namespace, it defaults to this DLL:
C:Program FilesMicrosoft Visual Studio 8SmartDevicesSDKSQL ServerMobilev2.0System.Data.SqlServerCe.dll
I tried removing that and manually adding a reference by browsing to this 3.0 DLL:
C:Program FilesMicrosoft Visual Studio 8SmartDevicesSDKSQL ServerMobilev3.0System.Data.SqlServerCe.dll
I then receive the following build error:
Unable to load referenced library 'C:Program FilesMicrosoft Visual Studio 8SmartDevicesSDKSQL ServerMobilev3.0System.Data.SqlServerCe.dll': Version 2.0 is not a compatible version.
If I build the database in my application from scratch from within my code, everything works fine, which I believe is because it is a 2.0 database that is generated.
To make a long story short:
How do I get my project to reference the 3.0 SQL Server CE namespace and deploy it to the emulator?
I have a report which measures supplier performance for the previous month. It takes an age to generate so I am trying to cache a copy to a null location first thing in the morning to speed up the process. The problem I'm having is in getting the report to select the first day and last day of the month for the two parameters that the report needs to run.
In BIDS the report runs perfectly when previewed, however, when it is deployed to the report server I get the following error: 'Error during processing of €˜RP2€™ report parameter. (rsReportParameterProcessingError)'
I have used the following two statements for the default values of the parameters, which work in BIDS, so I can't understand why they don't when it's deployed. I'm also sure there is an easier way of doing this, but after about an hour searching yesterday and not finding anything it only took me about half that time to use these statements:
The only caviate to using these statements is that it wont recognise when a leap year occurs, other than that, if it would work when deployed to the report server it would work perfectly for the purposes of what we need.
If anyone can see the flaw, or knows of a better and easier way of doing this please let me know.
I have a package that contains an Execute Package Task... it works fine when on my local machine and on our test-server. After deploying the SSIS solution to our customers server, I open the project in Visual Studio and run the mainPackage in debug mode and the Task fails when trying to execute the package.. if I remove everything in the childpackage it still fails... the path to the package is correct and I know that I have rigths to execut it. I do not use any package security/encryption.. If i create a new package in the project and create a new fileconnection to it the Execute Package Task executes correctly, with the exact same content as the original package...
So my guess is that something in the FileConnetion object is set wrong, but i cannot understand what it is. The errormessage i get is something like this. "Execute Package Failed. Could not execute package".
Anyone had the same problem as I? I´m grateful for any help!
I developed a site using Visual Web Developer 2005 and the database used is SQL Server 2005 Express edition.Everything works fine. However, when I move the site to my IIS server, it says that my database is read-only.Is it because my SQL Server is an express edition?
I am developing an ETL system on a 32-bit machine let's say, called 'dwdev'. The application connects to a Sybase database as a source system using ODBC connection. I am able to run this application directly from Visual studio 2005 and i am able to deploy it into SQL Server 2005 and run it from Server as a job. Both work. At this server i am connecting to a SQL Server instance called 'dwdev'.
When i transfer my application onto a 64-bit machine, let's say called 'dwtest', i am able to run my application from Visual Studio 2005 properly and it works, but when i deploy it into SQL Server (instance is called 'dwtest') and try to run it as a job just like the development machine, it gives an error and stops executing.
I was facing 'data source' type of error when i was first trying it from Visual Studio, but i solved this problem by setting Run64bitRunTime settings to FALSE on the Project's properties Debugging Page, at 64-bit machine. now it uses 32-bit runtime then 32-bit Sybase ODBC driver. But i cannot force the application to use 32 bit runtime when i am executing it from SQL Server as a job.
How can i do that? is there an alternative method?
I'm trying to protect a package... using an owner password. After I create an owner password and generate a dts command line from DTSRunUI... it puts the package password in the string. Basically if someone goes into the job and looks at this line they have the password to open the package...
We can not remove the builtin administrators group from the machine therefore system admins that want to poke around into our work can do so.... any suggestions......
Alright, so I have a basic search function to look through a field in my database which is decided by a query string. <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:DatabaseConnectionString %>" SelectCommand="SELECT * FROM [Employee] WHERE ([Responsibilities] LIKE '%' + @Responsibilities + '%')"> <SelectParameters> <asp:QueryStringParameter Name="Responsibilities" QueryStringField="q" Type="String" /> </SelectParameters> </asp:SqlDataSource> But, I'd really like to fix it using parameterized SQL queries, so that people aren't dropping my tables. >_>I've been lookin' around for some code on how to do this in C#.NET, and most of them seem to look like this: SqlConnection objConnection = new SqlConnection(_ConnectionString);objConnection.Open();SqlCommand objCommand = new SqlCommand( "SELECT * FROM User WHERE Name = @Name AND Password = @Password", objConnection);objCommand.Parameters.Add("@Name", NameTextBox.Text);objCommand.Parameters.Add("@Password", PasswordTextBox.Text);SqlDataReader objReader = objCommand.ExecuteReader(); My problem is that I don't know how really know how to go from my code to this code... I mean, would I throw the latter in my backend code and call what it returns as a string, would I entirely replace my Datasource and do soemthin' with the code? Any help, in the form of tutorials or just straight up tellin' me here, would be greatly appreciated.Thanks. =D
Hello all, I'm using the following code to query my database... public static void InsertsComments(string Comments, string TagID, string UserName) { SqlCommand cmd = new SqlCommand("insert into TG_UserComments (Comments, Tag_ID, UserName) values (@Comments, @TagID, @UserName)", conn); conn.Open(); cmd.Parameters.Add(new SqlParameter("@Comments", Comments)); cmd.Parameters.Add(new SqlParameter("@TagID", TagID)); cmd.Parameters.Add(new SqlParameter("@UserName", UserName)); cmd.ExecuteNonQuery(); conn.Close(); } My first question is, should I be making @Comments, @TagID, @UserName a little more cryptic? Liks @CommDBQ23 or something? Does that make it safer? Also, I'm going to use stored procs query the database, instead of how I'm doing it above. What would I need to change in the code to do this? Obviously I'd need to call a stored proc on the server, but can I still protect myself from sql injections with the above code? Is there anything else I should be doing to secure my application at this level? Thanks! Matty
I've developed a database driven web app in ASP.NET and ready to deploy to my customer. However, I'd like to know is there any way to encrypt / protect the source of my stored procedure and view in SQL Server? My web app make heavily use of SPROCs and DB Views and I don't want my client to view / alter it, compared with the web app, I can compile it into a .DLL file and remove all business logic, any similar thing in SQL world?
I'm having problems with ftp tasks in SSIS packages where protectionlevel=EncryptSensativeWithPassword. I've used this many times with no problems, but now that I've upgraded to 2005 SP2, It's not working as before.
I have a functioning SSIS package with an FTP download. It works fine on my workstation in the developement environment.
If I load it to the SQL server using Server Manager Studio under my account, I cannot run the package from the server when logged on as Administrator, nor can I schedule it to run under the SQLAgent account as a job. The error mesages are: Unable to connect to FTP server using "FTP Connection Manager" and "The password was not allowed". Obviously the password being sent to the ftp server is wrong, but it was right under developement. Further more, If I log into the server under my account the package runs fine!
If I load the package while logged in as administrator, I can only run the package as administrator. And of course, if I load the package as SQLagent, I can only run the package as SQLagent.
This is not how SSIS packages were operating before I upgraded! In fact I've reloaded some existing packages and found that they now have inherited this behavior (after they have been re-imported)
It looks to me like SSIS is using the EncryptSensativeWithUserKey option, instead of the EncryptSensativeWithPassword option. I'm not sure how to confirm this, short of using a packet sniffer to watch the ftp traffic.
I could switch to PackageConfigurations, but I was happy with the EncryptSensativeWithPassword option, which seemed appropriate for our operation.
Does anyone have any ideas what could be going on, or any suggestions to troubleshoot this? How can I tell if password is encrypted or not?
I would like to build a standard BI solution based on MS SQL2008 - integration services, analysis service and reoprting services.
This stardard BI solution can be distributed to multi customers - however I want to protect the source code so customers cant access the code.
I would like to be able to ecrypt or protect the solution - so the customer only get the "executable" but they cant access the soruce code. This is to protect my intellectual property.
Kindly advise if there are any way to achive this objective in SQL2008.
I did some research in SQL 2005 long time back - but I was unable to find resolution to protect the intellectual property.
I would be extremely pleased to get some good advise on how to protect IP in SQL 2008.
we are using sql server 2000 and it's on a remote system. One of the databases "Dbase1" went to Suspect mode. when we checked both the .mdf and .ldf files were missing from the Server. they were not there at all. Is there any way to recover the databse. To make it more secure what are the possibilities which we can use so that in future we should be able to restore our databse.
I have a question that I am sure that others have had to deal with in the past. I am writing business requirements for a web application that stores names, addresses, etc. I have hit a bit of a problem in design with allowing users to enter data they need, like the name O'Brien, and developers saying that allowing the single quote in a field could allow for an injection attack. Developers want to strip out single quotes when they occur in the data, however the users are insistent that names and addresses that have single quotes in them are shown properly.
Is there any middle ground so that the system can be built to avoid an injection, but still allow data to be entered as intended.
I just installed SQL7.0 on a windows 98 machine. When I go to register a new database, I get the following message. MMC caused a general protection fault
I have rebooted the machine, removed & reinstalled the application.
Can someone recommend me the most efficient protection level for SSIS packages for my environment? I've been doing some reading on this lately, but can't really decide which one to use. The Rely on server storage for encryption (ServerStorage) seems interesting, but I'm unsure if that would work on my environment (Windows Authentication).
Currently I'm saving my packages to my dev server under "Encrypt sensitive data with user key" Protection level, but seems like the passwords for the FTP Connection for instance doesn't get saved when I deploy my package to the server.
Our environment consists of 2 dev servers + 2 prod servers with windows authentication, our SQL Agent Account is a domain account with local admin rights and sysadmin rights on the SQL Server and we try to use proxy accounts to access network resources instead of giving the agent access to everything.
This is what I found on MS's web site. http://technet.microsoft.com/en-us/library/ms141747.aspx http://technet.microsoft.com/en-us/library/ms141053.aspx
All: I am aware that I am raising an issue/question that has quite a number of ancestors in this forum. In reviewing some of the threads I still believe my situation has a bit of a twist; but that could just be me.
The process I used until a change I made recently worked just fine. A handful of my packages connect to our ERP system that only supports an ODBC connection. I set the Protection Level to the default, and then deploy the packages to the server. I use an agent to run the jobs that include these packages as steps. I have hardcoded the userID and password in the SQL jobs and so they have run fine.
In an effort to reduce maintenance on the packages I decided to run the packages from the File System instead of deploying them to the server. Now, the packages are not running as I have not changes the Protection Level yet. I did test running one of the packages using a Proxy I have created but that does not work either.
Based upon what I have read it appears that the first thing I need to do is change the Protection Level to DoNotSaveSensitive. How do I then pass the ID and password to the agent?
a. Create a confirguation file? b. Create a package template? c. Both of the above
To reiterate I do not wish to deploy the packages to the server; I prefer to run the packages from the File System. Further, I just have one box on which everything happens; there are no migration issues across servers.
Some insights from this group will be greatly appreciated.
Hello, I have a package that contains a connection manager to a DB2 source. The password is configured within the connection mananger. The configuration string was included in the package configurations (SQL Server). The package is saved in VSS, and locally on my hard drive.
When a colleague attempts to open the package is Visual Studio (from VSS), He gets a message similar to the following.
Error 1 Error loading 'Geac_RK502.dtsx' : Failed to remove package protection with error 0x8009000B "Key not valid for use in specified state.". This occurs in the CPackage::LoadFromXML method. . C:Documents and SettingscdunnMy DocumentsVisual Studio 2005ProjectsGeac_RK502Geac_RK502Geac_RK502.dtsx 1 1
I'm very sure the package protection level was to encrypt sensitive data with user key. After he ran into this problem, I tried again to open the package from my computer (the machine that the package was created on) and now I get the same message. If I attempt to open the package anyway, I first get a message that there were errors in the package while it was being loaded, and that the package might be corrupt. After that message, I get one that states the document contains one or more extremely long lines of text....do you still want to open the file. If I click yes, the package opens read only with the following message:
Microsoft Visual Studio is unable to load this document. Failed to remove package protection with error 0x80090008. "Key not valid for use in specified state". This occurs iin the CPackage:LoadFromXML method.
I'm looking into more information about package protection. What can I do to avoid this problem, and what protection level should I be using so that my colleague can open the package? How can I correct the problem with this particular package, and have the package open?
I have a problem while trying to deploy my packages that are configured in ProtectionLevel=EncryptSensitiveWithUserPassword
I use the Deployment Utility to deploy my packages. I set the password when deploying and the deplyment works fine. But I run the packages I have the following error : " Failed to decrypt an encrypted XML node because the password was not specified or not correct."
1) How much does setting encryption cost in terms of speed of querying and cpu usage? 2) If encryption is not set, is the password "encrypted" when its sent with the initialization routine?