I have developed a small desktop application using c# and Ms Access 2002. Database is password protected and contains sensitive data. As many password retrieval tools are available, What should I do to protect Ms-Access (.MDB ) file? Is there any way through which I can hide database file
I want only SQL Server Authentication not Windows Authentication Because If some one copy database and attach at some other place using Windows Authentication then they can see each and everything.
I want something like Access (I know its password can be broken very easily)
I want to protect Table & SP Schema, Data is not much important.
We wrote an erp,and provide a platform to participator to extend my erp system,so I will give my participator database dictionary,but I only want to give partial database dictionary,I will hide some table and some field, I want they cann't open the database thouth sql server management studio or other tools,only can using our interface to access database,how can I do?
Hello,How to protect structures(Tables,SP,Views and Functions) of a SQLServer Database?(Password protect a database file)I have a SQL database that will distribute with my application, I wantto protects it's structure from my appliction users. Only myapplication can access the database.Thanks
I am developing a C# mobile 5.0SDK app that utilizes SQL2005 Compact Edition device files on Vista using as far as I know the latest SPs and versions.
Last night, I could open tables from the Server Explorer .sdf file, see the contents, edit the schema, etc. Now today, I assume all of a sudden,I am able to open schema but cannot open the table to see the contents. I get:
Microsoft SQL Server 2005 Compact Edition captioned error dialog box that says "Access to the database file is not allowed. [ File name = ],[,,]
Using Sql Server 2005 Management Studio Express, I can open the table, do queries etc. I have tried rebooting, deleting, opening old projects, deleting dataset, disconnecting mobile device, but I still get the same error. I have tried stopping the SQL Server(SQLEXPRESS) service on the server but get:
Cannot open MSSLQ$SQLEXPRESS service on computer 'p5w64'. Access is denied.
I have no idea what to do next to start moving forward again, other than try the XP environment which I will do next.
I'm not really sure my question belongs to here...
I have a database in Access (from microsoft office, of course), and I want to transfer convert it to SQL Server. Does anyone know how I can do it? It must be very simple, but I haven't found it yet....
I've done some programming before, but i'm pretty much a novice in C#. I recently installed Visual Studio 2008 Express Edition. For some reason, when i came to a point to make a connection with an SQL Sample database "NORTHWIND.SDF".... An error message show up saying "access to database file is not permitted". What causes it.???
I'm connecting to an Sql Compact database (3.1) from a C# assembly exposed via COM and called from inside a winsock LSP. The database is only used once on instantiation of the class, which happens in the first call to WSPStartup.
The issue I'm having is that under Vista and when running inside IE7 I get the error in the title. However there is no problems with IE7 under windows XP, or with Firefox and MSN Messenger under XP or Vista!
When selecting to run IE as administrator, the problem dissapears, however when using the LogonUser API to impersonate an administrator it doesnt.
This would seem like a permissions issue, strange though that Firefox under vista has no problems.. Also, the following code throws no SecurityException under either browser, indicating the code is running with full trust.
new PermissionSet(PermissionState.Unrestricted).Demand();
Any input would be a huge help, I've been banging my head against this all day..
I have Written WinForm Application that uses SQL Server Compact 3.5. I also deploy Database (SDF) File with this application. Installation Package Created Using InstallShield 2008.
I Deployed SDF in Common App Data Folder. In Administrator mode Application is working fine. But in User Mode I Get Error Message.
"Access to the database file is not allowed. [ File name = C:Documents and SettingsAll Users Application DataGeorgian MicrosystemsCodex 2007 R2 Russian DatabaseCodexRussian2007.sdf ]"
I Also Tested That Application in user mode Can Create File in ("C:Documents and SettingsAll Users Application DataGeorgian MicrosystemsCodex 2007 R2 Russian Database") Directory.
Test Environment is XP SP2
I Tryed to Copy SDF file manualy. Appplication in user mode can access on it if file is copyed in user mode. if this file is copyd in Administator mode even in users Local Directory SQL Engine can't access on it.
Please Help me to Slove this problem.
How to connect using user mdoe to SDF deploed with admin right. (MSI installer).
Greetings, I have just arrived back into the country (NZ) and back into ASP.NET. I am having trouble with the following:An attempt to attach an auto-named database for file (file location).../Database.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share. It has only begun since i decided i wanted to use IIS, I realise VWD comes with its own localhost, but since it is only temporary, i wanted a permanent shortcut on my desktop to link to my intranet page. Anyone have any ideas why i am getting the above error? have searched many places on the internet and not getting any closer. Cheers ~ J
Event 17204, FCB::Open failed: Could not open file F:MSSQLDatafilename.mdf for file number 1. Â OS error: 5(Access is denied.).When I look at the file permissions of filename.mdf, there is no MSSQLSERVER group permissions listed nor can I add it. I have tried to add MSSQLSERVER and NT SERVICEMS SQL $MSSQLSERVER but neither exist. There is also a ReportServer.mdf in the same folder with MSSQLSERVER permissions!Did I somehow delete this group? What can I do to restore this permission?
Hi I am using VWD 2008, SQL Express 2005, Reporting Services, Win-XP, IIS5Basically let's say I have 2 pages:Page1: has a SQLDataSource control that populates a GridView from a table from a database file myDB.mdf (no code behind)Page2: has a reportviewer control that show a report with data from the same table from myDB.mdf from the reportserver, (no code behind)I have attached myDB.mdf to the SQL Server Express using the SQL Server Management Studio Express.If I first open Page2 to display the ReportViewer it works ok. or using the Report ManagerNow this is the problem:If after that I try to open Page1 then a get an error message:Cannot open user default database. Login failed.Login failed for user 'myServerASPNET'. Exception Details: System.Data.SqlClient.SqlException: Cannot open user default database. Login failed.Login failed for user 'myServerASPNET'.Then I have to restart the SQL Server to fix it,Now I can open Page1 ok, but if after this I try to open Page2 (ReportViewer) againThen I get this error:" An error has occurred during report processing. o Cannot create a connection to data source 'my_Datasource'. &And this error if open the report using the report manager:" An error has occurred during report processing. o Cannot create a connection to data source 'my_Datasource'. § Unable to open the physical file "C:InetpubwwwrootWebsiteApp_DatamyDB.mdf". Operating system error 32: "32(The process cannot access the file because it is being used by another process.)". &Now if i check the Management Studio Express again, you can see that myDB.mdf was detached. It seems to be there by it has no Tables or definitions, so I have to attach it again..Do you know how to fix this?Thanks in advance,Ed
yes,I have an error, like 'The database file may be corrupted. Run the repair utility to check the database file. [ Database name = SDMMC Storage Cardwinpos_2005WINPOS2005.sdf ]' .I develope a program for Pocket Pcs and this program's database sometimes corrupt.what can i do?please help me
My client maintains its HR data in an application that uses Oracle as its backend. This highly-sensitive data is basically off limits to all but a select few. Presently, I use a program in Access 97 that allows one high level HR person to pass their login to linked Oracle tables and copy a large chunk of this data to Access tables. From there I can morph it as needed for the Personnel, Safety, EEOC and other areas. The client sees this PW-protected, encrypted Access DB as safe because, being "only an Access DB", it falls below the radar of IS. This basically means IS can't get to the data. However, accessibility and scalability are non-existent. I'd like to reduce the Access DB to a shell that simply links to Oracle and SQL Server 7 tables and performs a straight pipe of the raw data between DBs. However, now IS will be very interested (since it's SQL 7) and have Admininstrator rights, therefore causing the HR people to squash the deal. How can I lock SQL 7 up so tight that IS can't get to the data and yet be able to maintain the DB? If this is not feasible, are there any other options that might provide a solution?
Hi all, We have sql server 2000 on Windows server 2003.Is there anyway in sql server 2000 to protect some crucial data, even from the DBA. Thanks in advance...
Hello. I have a report with parameter called "parm1", that gets a value of "true" or "false" depanding on another parameter.
When the report is runnig the parm1 value is "false". How can I protect this parameter from a change by the user? I mean - the user can run the report and then add to the url "¶m1 = true".
Can I do anything against that? I tried marking it as "internal" and I thought that now it can get his value only from inside the report but it didn't worked.
Just read about SQL injection, and tested it out with sample database, and it does hack my database, the article show to prevent SQL injection by using application code to remove those keywords and change single quote to double quote, is there any method to prevent SQL injection directly using the database system itself, maybe stored procedure or anything?
Hello. I have a report with parameter called "parm1", that gets a value of "true" or "false" depanding on another parameter.
When the report is runnig the parm1 value is "false". How can I protect this parameter from a change by the user? I mean - the user can run the report and then add to the url "¶m1 = true".
Can I do anything against that? I tried marking it as "internal" and I thought that now it can get his value only from inside the report but it didn't worked.
I am developing an application that uses Access database (mdb file) to store the user data. The user of this application is not interested in the database file (to view in MS Access Environment). Does the user machine requires MS Access installation to run my application or just some couple of dlls (OleDB driver, Access DB Engine,..) should be enough to run my application?
Hi all,I have been learning .net and creating a public facing site. I am therefore worried about SQL injection.My question is...Is enclosing customer input inside .net SQLParameters enough to protect you from SQL injection?If not why not?I have seen people saying that SQLParameters alone is not enough but not an explanation why?Can anyone help?If I use code to remove words like drop or characters like '%' I'm limiting what my users can enter, but if I have to I will. taC
I have designed a Microsoft SQL Server 2005 database application using Visual Basic 2005. I want to control access to the database programmatically, without the End-User opening the database in SQL Server.
I want to protect the database structure such as my tables, code, etc. This restriction should include all the Administrators of the Computers on which my application will be deployed. Any modification of my database or code should be implemented only by me.
What is the best way to do this using (a) Windows Authentication Login? (b) SQL Server Login? How do I configure the User-Login?
NEW: In addition to above question, how best do I achieve this protection if installing the DB with other databases in an already existing server, is it possible to remove the Builtin Admin from the server role?? As in my case, there is no need for anyone else to open the DB in Management Studio at all as my VB application does all that is required.
I have a DB on my SQL Server Express 2005. In this db I have one table and I DON'T want any user can modify data on this table but I want only show this data (only select statements allowed). If I install this db on one of my customers' machine, I can see that he can modify data into this table If he log in into the database with windows authentication and not with the "USERLOGIN" that I have created with sql server authentication. What can I to to remove dbo access in Windows authentication in my db and "transfer" the dbo in another user access (like MYUSER with Sql Server authentication)?
We have been asked to look into using stored procedures with SQL Server 7.0 as a way to speed up a clients site. 99% of all the articles I have read along with all the books all say Stored Procedure should be used whenever possible as opposed to putting the SQL in your ASP script. However one of my colleagues has been speaking to Microsoft and they said that that they were surprised that our client wanted to use Stored Procedures as this was the old method of database access and that now he should really consider using COM objects for data access as itis much faster. Has anyone got any views on this or know of any good aticles regarding this matter ?
I have some tables in the employee database, this database created from sql sever 2000. I build a employee management application by C# and sqlserver 2000.
My goal is after design complete the empployee database by sqlserver 2000, any users can not modify my tables and unkonw table's structure. help me please
We have a table which needs to be updated 2 million times per day. It hosts all real time transaction. There are 200K records in this table. Would you please to share your experience with me about how to protect/save such table in SQL 2000 from any possible damage?
We plan to use point-in-time backup (every 5 minutes). It still takes at half an hour to recover the whole database. Any new technology from Microsoft or SQL 2000 you can recommend?
This post contains the code for this thread: http://www.sqlteam.com/Forums/topic.asp?TOPIC_ID=14475
It deals with the problem how to prevent log actions in long running batch jobs from being rolled back. It was heavily inspired by Andy Pope´s approach to error handling (http://www.sqlteam.com/item.asp?ItemID=2290) and in fact you will see much of his code here.
The code:
This procedure dynamically opens a second connection in parallel to the existing connection of the calling procedure using SQL-DMO. So the second connection runs without the scope of transaction of the calling procedure. So no action you take here is rolled back in case the calling proc fails. So be careful! Keeping data integrity is your job here and you could do many weird things to your database. The procedure dynamically adds a user function that if called just would return the object token of the new DMO connection. So any piece of code in the same batch could reuse the exisiting connection.
LogConstructor CREATE PROCEDURE LogConstructor AS
if exists (select * from sysobjects where id = object_id (N'dbo.MFF_GetLogObject') and OBJECTPROPERTY(id, N'IsScalarFunction') = 1) drop function dbo.MFF_GetLogObject
-- Create the SQLServer object EXEC @Error = sp_OACreate 'SQLDMO.SQLServer', @oSQLServer OUT IF @Error <> 0 GOTO OA_Error
-- Set the login process to use NT Authentication EXEC @Error = sp_OASetProperty @oSQLServer, 'LoginSecure', -1 IF @Error <> 0 GOTO OA_Error
-- Connect to server using NT Authentication EXEC @Error = sp_OAMethod @oSQLServer, 'Connect', NULL, @@SERVERNAME IF @Error <> 0 GOTO OA_Error
-- Verify the connection EXEC @Error = sp_OAMethod @oSQLServer, 'VerifyConnection', @Return OUTPUT IF @Error <> 0 GOTO OA_Error IF @Return = 0 GOTO OA_Error
-- Create Function with server object select @dynsql = N'CREATE Function MFF_GetLogObject () RETURNS INT AS BEGIN RETURN ' + cast(@oSQLServer as varchar) + N' END' EXEC sp_executesql @dynsql
return
OA_Error: -- Get the error text EXEC sp_OAGetErrorInfo @oSQLServer, @Source OUT, @ErrorMsg OUT SELECT @ErrorMsg = CONVERT(CHAR(16), @Error) + ': ' + @ErrorMsg + ' (Source: ' + @Source + ')' print @ErrorMsg return GO The next procedure just drops the DMO connection and also drops the user function as the token is invalid by now. This proc should be called within the same batch as the constructor to clean things up properly.
LogDestructor
CREATE PROCEDURE MFP_LogDestructor AS
declare @lo int select @lo = dbo.MFF_GetLogObject() exec sp_OADestroy @lo
if exists (select * from sysobjects where id = object_id(N'dbo.MFF_GetLogObject') and OBJECTPROPERTY(id, N'IsScalarFunction') = 1) drop function dbo.MFF_GetLogObject GO
Hi, i want to know if its posible to create credentials or certificates in order to protect a SQL 2005 data base.
Because if someone Buckups one of my DBs from my server, and try to restore it in orther server i dont want they to see my DB information because he dont have the correct credentials or certificates for it.
I got a problem concerning encryption. The thing is I have decided to use symmetric key protected by certificate to encrypt certain information. Certificates are protected by database masterkey and by service key.
But I also want to be sure that if someone steals my database with all its data he wont be able to decrypt it with his own SQL Server Management Studio where he has all the permissions.
Also after some time I will need to take my database and set it up on another PC.
Has anyone ideas how to solve this??
P.S. As far as I know if symmetric key is protected by certificate which is protected by DB master key and service master key then you cant decrypt data if database is moved to another workstation and opened with another Management Studio. Please can anyone explain how this works( if its true). And if this is true then how can i move my DB without loosing access to encrypted data???
Panos writes "I am working with SQL Server 2005 Express Edition. How can I protect mdf files from being transfered (attached) and be used to another SQL server in another machine? Thanks Panos"
How to Protect From SQL Injection in ASP.NET and SQL 2005 for custom query expression?In my project, I allow user to custom query expression through UI, such asstring queryCondition=' sale>20 and sale <100'string queryCondition=' createDate>"10/10/2005"'string queryCondition='Fullname like "%Paul%" '...I construct SQL based the queryCondition string, such as string mysql='select * from mytable where '+queryConditionI know it's very dangerous because of SQL Injection, but it's very convenient for user to custom query expressionCould you tell me how to do? many thanks!
I am exporting the data from database to an excel template that will have 100+ columns and approx 4000 rows of data. Then the business user will make changes to some columns without modifying primary key columns and will send back to us where we will update the same to database.
In order to this am using an excel template by protecting the primary key columns with a password protection.
At template level am fine and whenever am trying to modify any primary key column it's not allowing and am totally good there. But when I use that excel template as a destination to load data from SSIS, all the protected columns are no longer protected and i could able to make changes.
Cannot open backup device '{CC60D260-C5DD-406A-9E63-64A9503A9763}1'. Operating system error 0x80770006(error not found).
This is followed by Event ID 3041:
BACKUP failed to complete the command BACKUP DATABASE CommunityServer. Check the backup application log for detailed messages.
It looks to me like the virtual device creation fails in the first step, the next three event messages are the cleanup of the failed virtual device, and the final two messages are the failed SQL backup as the expected device doesn't exist.
My question is why? The message seems to indicate bad memory, but I'm sure the physical memory is good - The 16GB in this server has been tested extensively, and I have no other issues. Perhaps its some sort of memory allocation error?
I'm going to apply cumulative update 7 to this SQL server to see if it makes a change. What's the latestest version of sqlvdi.dll available?