Hi, i want to know if its posible to create credentials or certificates in order to protect a SQL 2005 data base.
Because if someone Buckups one of my DBs from my server, and try to restore it in orther server i dont want they to see my DB information because he dont have the correct credentials or certificates for it.
This is posible?. if is, How i do it ?
Best Regards.
With the new functionality provided by sql server 2005, can we use the certificate functionality to act as a db store for third party certificates. Posts that I have seen so far indicate that there is no direct access to the certificate store once a certificate has been imported to the db. Given that the database is more portable (for failover purposes for certificate storeage, lack of access to the certificate store should be considered a considerable problem for ISV's.
Failing that, if we need to impliment this functionality ourselves what is the best format to store certificates in the database (blob or other)
thanks
Mike
Hello:
I have access to a microsoft certificate server and I have generated a server certificate for use in my SQLexpress installation. The certificate was installed into the personal folder of the local machine. The MMC certificate snap in can see it fine.
When I use the SQL server configuration manager and look in the certificate tab and try to use the drop down to find the certificate so SQL express can use it, nothing shows up.
Can someone please give instructions on how I can get SQl express to use the server certificate that I just installed?
Thanks.
Larry
Does SQL Server support wildcard Certificates. When you install the wild cert in the certificate store, the sql configuration manager does not see it in its drop down list. Id it does, what are the steps or please point me to the right direction. Does the cert need to be specifically for that particular hostname. Thanks
View 1 Replies View RelatedI am looking for a good introduction into the handling of certificates in SQL 2005.
I need to sign a procedure to allow it to access a dm view.
I do understand the theory and the syntax, but I have trouble coming up with an easy but still secure way to create these certificates on all customer servers without allowing misuse.
All articles I could find are going through creating a new database, setting up a certificate with or without password, signing an example proc and then dropping the database.
Non seems to care about the problems that occur later on during the life of a certificate.
Thanks
Hi,
I want to get all the student from a Database table which store student certificate. For example, I need a query of student who "HAVE" 3 certificate(Cert A, B, C).
Certificate Table:
StudentName CertificateName
John Cert A
Wilson Cert B
John Cert B
John Cert C
Michael Cert A
Output:
John
sqlQuery = "Select * from CertificateTable Where (CertificateName = 'Cert A') AND (CertificateName = 'Cert B') AND (CertificateName= 'Cert C')"
This is my query, but it not works.
Calvin
Need to replicate mobile device that uses a wildcard certificate. Heard that ms windows mobile 5.0 does not support wildcard certificates. Is there a solution around this using vb.net.
https://myrep.domain.com/dbname/sqlcesa30.dll
Microsoft CF 2.0
Microsoft SQL Mobile 2005
Microsoft SQL Mobile 2005 Replication
Hi,
View 3 Replies View RelatedHi There
I just want to be 100% sure about something.
Certificates generated for use with service broker endpoints must be generated in the maste database, correct?
What are the implecations of the master key is changed for the master database ?
Thanx
Hi There
This may seem like a stupid question but i am trying to get the hang of the new security model.
I have not really heard anything mentioned about certficate expiration date when it comes to creating certificates for keys or service broker endpoints etc.
We have created certificates for keys and service broker endpoints, now what exactly happens when the expiration date, by default 1 year i think is reached, will we no longer be able to decrypt encrypted data and will the service broker endpoints stop working etc ?
Or is this expiration date when the certificate can no longer be used to create security objects ? And all security objects already created with this certificate will always work ?
In other words is there ever danger that keys and endpoints or basically any object referrencing this certificate will just suddenly stop working one day, or will all objects work indefinately regardless of an certificate/objects expiration date ?
Thanx
Hello Guys,
Here it is my scenario;
My principal server in LAN and my mirror server in DMZ and Iam using certificates both partners (I dont use witness server).
I did not use wizard.I have just Setting Up Database Mirroring Using Certificates (Transact-SQL)
(http://msdn2.microsoft.com/en-us/library/ms191140.aspx)
Iam sure all steps are ok!(I mean ports,certificates,users,logins,endpoints,GRANT CONNECT ON ENDPOINT,SP1....)
But I am still getting error Principal Server;
Database mirroring connection error 4 'An error occurred while receiving data: '64(error not found)'.' for 'TCP://195.xx.yy.zz:5022'.
Also,Mirror Database status changed (Restoring---->In Recovery)
I tried many tests but I did not succeed.Do you have any ideas in this case or any experince in database mirroring using certificates.
Many thanks for your reply...
Regards..
Tarkan G.
I am currently trying to replicate a SQL Mobile 2005 database with a SQL Server 2005 database through web synchronization using SSL Server AND Client Certificates. On IIS, with "Require Client Certificates" unchecked, I can replicate fine. Once I turn it on, I get a message from replication saying "A Secure Socket Layer connection is required to access this site". I have installed a client certificate in IE, and can access the https://servername/Ojt/sqlcesa30.dll site (I tried removing the client certificate, and I was denied access, then reinstalled it and it worked - so I think that part is working). Does anyone have any experience with this? My production operating environment requires client-side certificates.
View 5 Replies View RelatedI am trying to use the example in http://support.microsoft.com/kb/915852. This creates two databases SourceDB and TargetDB. If I put SourceDB on the same SQL Server instance as TargetDB, the messages is received with no problem. If I put the SourceDB on another Server so than I am using two separate servers in the same domain, the message never gets to the TargetDB. I have changed the routes to the correct server names and set the route port to 8286.
CREATE ROUTE [myRoute]
WITH
SERVICE_NAME = 'SourceService',
address = 'TCP://toto:8286';
and:
CREATE ROUTE [myRoute]
WITH
SERVICE_NAME = 'TargetService',
address = 'TCP://devbox05:8286';
My SourceDB is on one of several instances on the server toto. My instance is totofoxylady01,52005.
The certificates were generated using the passwords in the article.
Hi,
The project I'm currently working on has to be relatively simple for the users to install, so I had the idea of using service broker to "set itself up". The idea is that there will be a server with a service and suchlike already set up. Somehow the clients will get the information required to create a remote service binding, and once that has been accomplished will send a registration message to the server.
What I'm wondering is can I somehow create and send a certificate using service broker via t-sql, and also is this approach reasonable or is it a bad idea. The reason I had thought of something like this is because the people setting up the client sites may (and probably will) have very little knowledge (probably no sql server knowledge) so we need the installation to basically be a click and install.
Thanks in advance,
Adam
Any way to bulk export / import TDE Certs? I've got a bunch of databases that need to be moved to another system. Just about every database is using TDE and was wondering if there was a way to move these certs in a bulk fashion. I've got SQL and Powershell scripts to backup and restore multiple databases, but won't do me any good without the certs.
View 0 Replies View RelatedI am trying to set up SQL Server 2005 to use a test certificate from Thawte for SSL encryption. I have installed the certificate in the local computer, current user and service account's personal certificates folders. I have also installed the root certificate in the Trusted Root Certification Authorities folders of each. All this was done using MMC.
However, when I go to tell SQL Server to use the certificate, no certificates show up in the drop down box. I am using SQL Server Configuration Manager and doing the right-clickPropertiesCertificate steps shown in multiple KB and forum articles.
I have also checked the registry entry at HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft SQL ServerMSSQL.1MSSQLServerSuperSocketNetLibCertificate. It is blank, which tells me SQL Server should be looking in the certificate store.
If I simply set the ForceEncryption flag, SQL Server starts up OK and generates a self-signed certificate. Using that, the session does get encrypted. However, I need to use a third party certificate.
I have hit a brick wall and am at a loss. Any help would be greatly appreciated.
My client maintains its HR data in an application that uses Oracle as its backend. This highly-sensitive data is basically off limits to all but a select few. Presently, I use a program in Access 97 that allows one high level HR person to pass their login to linked Oracle tables and copy a large chunk of this data to Access tables. From there I can morph it as needed for the Personnel, Safety, EEOC and other areas. The client sees this PW-protected, encrypted Access DB as safe because, being "only an Access DB", it falls below the radar of IS. This basically means IS can't get to the data. However, accessibility and scalability are non-existent. I'd like to reduce the Access DB to a shell that simply links to Oracle and SQL Server 7 tables and performs a straight pipe of the raw data between DBs. However, now IS will be very interested (since it's SQL 7) and have Admininstrator rights, therefore causing the HR people to squash the deal. How can I lock SQL 7 up so tight that IS can't get to the data and yet be able to maintain the DB? If this is not feasible, are there any other options that might provide a solution?
View 1 Replies View RelatedHi all, We have sql server 2000 on Windows server 2003.Is there anyway in sql server 2000 to protect some crucial data, even from the DBA. Thanks in advance...
View 14 Replies View RelatedHello.
I have a report with parameter called "parm1", that gets a value of "true" or "false" depanding on another parameter.
When the report is runnig the parm1 value is "false".
How can I protect this parameter from a change by the user?
I mean - the user can run the report and then add to the url "¶m1 = true".
Can I do anything against that?
I tried marking it as "internal" and I thought that now it can get his value only from inside the report but it didn't worked.
Any ideas?
Thanks.
Hi,
Just read about SQL injection, and tested it out with sample database, and it does hack my database, the article show to prevent SQL injection by using application code to remove those keywords and change single quote to double quote, is there any method to prevent SQL injection directly using the database system itself, maybe stored procedure or anything?
Thanks.
Hello.
I have a report with parameter called "parm1", that gets a value of "true" or "false" depanding on another parameter.
When the report is runnig the parm1 value is "false".
How can I protect this parameter from a change by the user?
I mean - the user can run the report and then add to the url "¶m1 = true".
Can I do anything against that?
I tried marking it as "internal" and I thought that now it can get his value only from inside the report but it didn't worked.
Any ideas?
Thanks.
Hi all,I have been learning .net and creating a public facing site. I am therefore worried about SQL injection.My question is...Is enclosing customer input inside .net SQLParameters enough to protect you from SQL injection?If not why not?I have seen people saying that SQLParameters alone is not enough but not an explanation why?Can anyone help?If I use code to remove words like drop or characters like '%' I'm limiting what my users can enter, but if I have to I will. taC
View 1 Replies View RelatedDear Colleagues,
I have designed a Microsoft SQL Server 2005 database application using Visual Basic 2005. I want to control access to the database programmatically, without the End-User opening the database in SQL Server.
I want to protect the database structure such as my tables, code, etc. This restriction should include all the Administrators of the Computers on which my application will be deployed. Any modification of my database or code should be implemented only by me.
What is the best way to do this using (a) Windows Authentication Login? (b) SQL Server Login? How do I configure the User-Login?
NEW: In addition to above question, how best do I achieve this protection if installing the DB with other databases in an already existing server, is it possible to remove the Builtin Admin from the server role?? As in my case, there is no need for anyone else to open the DB in Management Studio at all as my VB application does all that is required.
Thanks and best regards,
Peter
I want only SQL Server Authentication not Windows Authentication Because If some one copy database and attach at some other place using Windows Authentication then they can see each and everything.
I want something like Access (I know its password can be broken very easily)
I want to protect Table & SP Schema, Data is not much important.
Its urgent
hello,
We wrote an erp,and provide a platform to participator to extend my erp system,so I will give my participator database dictionary,but I only want to give partial database dictionary,I will hide some table and some field, I want they cann't open the database thouth sql server management studio or other tools,only can using our interface to access database,how can I do?
-- I use sql server 2005
I have a DB on my SQL Server Express 2005. In this db I have one table and I DON'T want any user can modify data on this table but I want only show this data (only select statements allowed). If I install this db on one of my customers' machine, I can see that he can modify data into this table If he log in into the database with windows authentication and not with the "USERLOGIN" that I have created with sql server authentication. What can I to to remove dbo access in Windows authentication in my db and "transfer" the dbo in another user access (like MYUSER with Sql Server authentication)?
Thank You
Mirko
Dear All,
How is it possible to protect the Intellectual property for a integration / analysis project?
For instance if I build a complex solution €“ how do I avoid others to view and copy the solution.
Best Regards, T
Hi
I am looking at documentation of CREATE CERTIFICATE statement. I am having hard time in understanding if I want to create CERTIFICATE with above mentioned options, how I am supposed to create either PRIVATE KEY file or EXECUTABLE file. any example would be really helpful for what I am doing here.
thanks
Satya
I have some tables in the employee database, this database created from sql sever 2000. I build a employee management application by C# and sqlserver 2000.
My goal is after design complete the empployee database by sqlserver 2000, any users can not modify my tables and unkonw table's structure.
help me please
thanks and reagards
Hi Everybody:
We have a table which needs to be updated 2 million times per day. It hosts all real time transaction. There are 200K records in this table. Would you please to share your experience with me about how to protect/save such table in SQL 2000 from any possible damage?
We plan to use point-in-time backup (every 5 minutes). It still takes at half an hour to recover the whole database. Any new technology from Microsoft or SQL 2000 you can recommend?
Thank you very much.
Joan
Hey!
This post contains the code for this thread: http://www.sqlteam.com/Forums/topic.asp?TOPIC_ID=14475
It deals with the problem how to prevent log actions in long running batch jobs from being rolled back. It was heavily inspired by Andy Pope´s approach to error handling (http://www.sqlteam.com/item.asp?ItemID=2290) and in fact you will see much of his code here.
The code:
This procedure dynamically opens a second connection in parallel to the existing connection of the calling procedure using SQL-DMO. So the second connection runs without the scope of transaction of the calling procedure. So no action you take here is rolled back in case the calling proc fails. So be careful! Keeping data integrity is your job here and you could do many weird things to your database.
The procedure dynamically adds a user function that if called just would return the object token of the new DMO connection. So any piece of code in the same batch could reuse the exisiting connection.
LogConstructor
CREATE PROCEDURE LogConstructor AS
if exists (select * from sysobjects where id = object_id (N'dbo.MFF_GetLogObject')
and OBJECTPROPERTY(id, N'IsScalarFunction') = 1)
drop function dbo.MFF_GetLogObject
DECLARE @Error INT
DECLARE @ErrorMsg VARCHAR(255)
DECLARE @oSQLServer INTEGER
DECLARE @Source VARCHAR(255)
DECLARE @Return INTEGER
declare @dynsql nvarchar(3000)
-- Create the SQLServer object
EXEC @Error = sp_OACreate 'SQLDMO.SQLServer', @oSQLServer OUT
IF @Error <> 0
GOTO OA_Error
-- Set the login process to use NT Authentication
EXEC @Error = sp_OASetProperty @oSQLServer, 'LoginSecure', -1
IF @Error <> 0
GOTO OA_Error
-- Connect to server using NT Authentication
EXEC @Error = sp_OAMethod @oSQLServer, 'Connect', NULL, @@SERVERNAME
IF @Error <> 0
GOTO OA_Error
-- Verify the connection
EXEC @Error = sp_OAMethod @oSQLServer, 'VerifyConnection', @Return OUTPUT
IF @Error <> 0
GOTO OA_Error
IF @Return = 0
GOTO OA_Error
-- Create Function with server object
select @dynsql = N'CREATE Function MFF_GetLogObject () RETURNS INT AS BEGIN RETURN ' + cast(@oSQLServer as varchar) + N' END'
EXEC sp_executesql @dynsql
return
OA_Error:
-- Get the error text
EXEC sp_OAGetErrorInfo @oSQLServer, @Source OUT, @ErrorMsg OUT
SELECT
@ErrorMsg = CONVERT(CHAR(16), @Error) + ': ' + @ErrorMsg + ' (Source: ' + @Source + ')'
print @ErrorMsg
return
GO
The next procedure just drops the DMO connection and also drops the user function as the token is invalid by now. This proc should be called within the same batch as the constructor to clean things up properly.
LogDestructor
CREATE PROCEDURE MFP_LogDestructor AS
declare @lo int
select @lo = dbo.MFF_GetLogObject()
exec sp_OADestroy @lo
if exists (select * from sysobjects where id = object_id(N'dbo.MFF_GetLogObject')
and OBJECTPROPERTY(id, N'IsScalarFunction') = 1)
drop function dbo.MFF_GetLogObject
GO
Hello,How to protect structures(Tables,SP,Views and Functions) of a SQLServer Database?(Password protect a database file)I have a SQL database that will distribute with my application, I wantto protects it's structure from my appliction users. Only myapplication can access the database.Thanks
View 3 Replies View RelatedI have developed a small desktop application using c# and Ms Access 2002. Database is password protected and contains sensitive data. As many password retrieval tools are available, What should I do to protect Ms-Access (.MDB ) file? Is there any way through which I can hide database file
View 3 Replies View Related