We want to deny access to sql server 2005 database by the sql management studio or any other sql editor while our developed application can access the database even malicious user gets the login name and password by disassembling our code
Is there a way to deny the users the ability to open a server via Management Studio but still allow remote connections.
In my program I need an admin login to do various things. I am using the sa login and setting the password on install of Sql Express. But, if someone changes the password for the sa login after installation and I have the login for sa hard coded in my program, then everything will break. Is there a way to make sure that no one can change the sa password?
My program uses a database. Does the end-user have to have SQL server 2005?
It uses it to keep track of members so the database is in the installation folder and does not need to be accessed remotely
http://i130.photobucket.com/albums/p247/tarkster2/screen.gif
the above shows this error on another persons computer. they do not have sql server.
SQL server job or SP to deny access to an AD login for certain period of time to SQL server instance...i.e. to deny access to login ADxyz from 12 PM to 10 PM and revoke access to same login at 10:01 PM...
View 3 Replies View Related
I need to prevent domain and local administrators from having full control over our report manager. (I want them to be assigned permissions just like everyone else, some reports they can see other reports they can not.)
How can I accomplish this? I tried going into Report Manager -> Site Settings -> Configure Site Wide Security and re-assigning BUILTINAdministrators to the System User role instead of the System Administrator role. (A different set of report manager admins was given the system administrator role).
However, it appears that members of the BUILTINAdministrators group still have full control in Report Manager.
Hello, I Have created a folder in the IIS called Webreporting. I used sql server to generate HTML into that folder. I make NT security to that folder so certain people can view the report. Unfortunatelly my code to generate the scheduled HTML report failed and gave this error message:
Server: Msg 16821, Level 11, State 1, Procedure sp_makewebtask, Line 125
SQL Web Assistant: Could not open the output file.
Hi,
I need to give a sysadmin role to a user and I need to prevent that user to access some tables in specific databases...
thanks in advance...
I know this seems like a strange ask, but we have a common user and pass in most of our web applications and this user requires DBO access to the database, no problem is occasioannly we need to let a developer look at an issue on a production server, so we port them through to sql through the firewall so they can see it it, and they normally login wih there domain/username and this way they are restricted to what they can see and do. However all developers know the SQL user and pass used in the web app, they also know its a DBO, so this means they can login with these user details and have access to everything.
My question is how can i lock this down so i can deny access from the SQL management console for this particular user, but still allow the user to act as a DBO for the web applications.
your help here is appreciated.
Thanks
Brad
I have a login associated with a single user on a database (not master). I want that user to be able to only see what I've specified in the securables.
Now I've created a ODBC connection using that login. The problem is that the user can also see the master db info. I was expecting to see just the one view I created and granted the user to view. How do I get rid of all the master db stuff?
I'm having trouble creating a read-only view. I've got 1 or more tables that I wish to remain updatable but I want to create a view that covers the table and/or spans all the tables. However, I want the view to be select only. I can't seem to get it to work.
DENY UPDATE ON [dbo].[MyView] TO [dbo] CASCADE
All that seems to execute my dbo user can still use...
Update MyView set SomeID = SomeID + 10
Plus, ideally I just want to say, DENY UPDATE ON VIEW TO ALL
Any thoughts?
Hi All,
I have a SQL server, as I use a domain account to log on to SQL server and Sql server agent, all maintanence plans work good, since I changed from a domain into Localsystem account to log on to SQL server, and Sql server agent, all maintanence plans didn't work any more, then I tried only keep Localsystem account at SQl server , using a domain log on to Sql server agent, but it's still failed to maintanence plans. The error in job history is"Executed as user: candyl. sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.". And the message at Sql server log is :"BackupDiskFile::CreateMedia: Backup device 'D:Database BackupsNoon BackupESMDEV_db_200406141548.BAK' failed to create. Operating system error = 5(Access is denied.)". It looks like permission problem, but for Localsystem account which should has full permission, right? I tried may ways and searched from knowledge base , still couldn't find the related solution.
Anyone can give me some advices?
Thanks.
I need to remove full admin privs from the builtinadministrator's group in report manager.
I tried removing the builtinadmin role from report manager and SQL Server, I removed it from the Site Settings area and from each individual folder's permissions.
Yet all the members of that group still have full run of the report server...
I even made a new folder that ONLY I am listed as having permissions to, yet they can see that as well...???
Suggestions?
Hi. First 3 paragraphs are about problem in general - this is for those who consider them well experienced and may have better ideas about how to solve this whole thing. In forth paragraph is the tehnical question.
Hi. First 3 paragraphs are about problem in general - this is for those who consider them well experienced and may have better ideas about how to solve this whole thing. In forth paragraph is the tehnical question.
Situation:
So me was trying to find out why files are saved in database incorrectly. First idea was to create a MD5 checksum of a file in my application and then create one with SQL script that saves data in database (data being the file, by the way).
On software side it worked fine 'cuz i'm developing in Visual Basic .NET 2005 which has a function that return a 32 byte array of hash from a data that you pass to it (like file) - GREAT!
SQL Server 2005 side - not so great. The only function that I have found so far that creates hash is HashBytes that is supposed to do it's job only there's a limintation to data size which means i cant make hash of say 4mb big file.
Problem:
So I figure maybe i could create a vb.net program that return a hash from a data passed to it and call it with SQL script (because hashbytes function doesnt work for me in case you didnt read the first 3 paragraphs)... but I don't know how:(
Any ideas?
Hi. First 3 paragraphs are about problem in general - this is for those who consider them well experienced and may have better ideas about how to solve this whole thing. In forth paragraph is the tehnical question.
Situation:
So me was trying to find out why files are saved in database incorrectly. First idea was to create a MD5 checksum of a file in my application and then create one with SQL script that saves data in database (data being the file, by the way).
On software side it worked fine 'cuz i'm developing in Visual Basic .NET 2005 which has a function that return a 32 byte array of hash from a data that you pass to it (like file) - GREAT!
SQL Server 2005 side - not so great. The only function that I have found so far that creates hash is HashBytes that is supposed to do it's job only there's a limintation to data size which means i cant make hash of say 4mb big file.
Problem:
So I figure maybe i could create a vb.net program that return a hash from a data passed to it and call it with SQL script (because hashbytes function doesnt work for me in case you didnt read the first 3 paragraphs)... but I don't know how
Any ideas?
I need detailed instructions on how to connect to a database from a Microsoft Access 2007 database to a Microsft Office Accounting 2007 database. The accounting database is an SQL 2005 datbase. It has an instance name of "MSSMLBIZ".
When I try I get an SQL error 53. Do not have permissions or database does not exist.
Thanks in advance for any help.,
Hello All,
I want to write Batch Program which will insert Data into Table every day based on some conditions.
can anyone please let me know how to write Batch Process in SQL server 2005??
Thanks.
Hi,
I am working on a software system which create a database in SQL Server 2005 and then operate on this database. I want the database to be access only from the software system and not from the Microsoft SQL Server Management Studio. How can I achieve it?
Thank you,
Bing
Hi all,
I am developing a program to connect to SQL 2005 Express. I don't know if I need any CAL license in order to make the connection. If it is not necessary for the Express Edition case, how about if my client upgrate to SQL 2005 in the future? Do I need CAL license for SQL 2005?
Thanks for any advice given.
Hello,
I have a database MS access: test.mdb.
Is it possible to attach to SQL SERVER 2005 (or 2000 than to 2005), or any other solution ?
I need to transfer all the application:
structure and data.
How to do it?
Hi,
We are using VB 6.0 as frontend and SQL server 7.0 as backend. We want to store some special charcters like Alpha, Gamma, etc in the database. We tried different ways but could not find the solution.
Could you please help on this.
Thanks,
Arun.
Is here any way to update Mobile database from command-line program that ie;
reads sql commands from text file, run query analyzer, insert readed data to SQL tab and deploy these commands?
Or any other way to do this?
hi ALL !!!
How can I insert Date in SQL Server 2000 database(table ) from ASP.NET 1.1. Program??
pls send me code if u can
pls help me ..
Hi all,
I am stuck with a problem using ASP.Net website. I created a website which accesses a database table in SQL Server 2005. The default.aspx is a form which inserts/updates/deletes data from the database. After creating the website I published it to IIS (Inetpub -> wwwroot). When I use Visual Studio 2005 and build the website and start with debugging. the form comes up and i can insert/update or delete the data from the table as I want. Now, as I have the website published I can access the form from another sharepoint website using the url as
/Employee_Data/Default.aspx">http://<mydesktop>/Employee_Data/Default.aspx
the form shows up but I am not able to access any of the database. I do not see any errors either. Once I click on the button the page just refreshes but nothing else happens. I have my web.config as :-
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authentication mode="Windows"/>
</system.web>
</configuration>
Am I missing something? I even have Anonymous access in the IIS inetpub properties. I can even the database as I am the administrator..... I appreciate your suggestions.
Thanks,
Kavya
Hi,
A question regarding SQL Server 2005 Express edition. Is it possible to export Access databases into SQL databases without using programming (e.g. using SQL and programming languages)?
I understand you can do this with DTS, but the Express edition seems not have DTS.
Many thanks
Yuelin
I want to migrate my Access XP database to SQL Server 2005 Express Edition. The Start Menu does not display any migration assistant in SQL Server 2005 Express menu list.
How to migrate it?
I have try to take all our table from access to SQLSERVER 2005
But not all works, so is there away where i can not import a table from access but link a table from access to my SQL.
I know it is the wrong way, normally sql is the backend, but i can't get all to work when i use my sql as backend, so if i can connect me to access from my sql and link some tables ??
regards
Alvin
I need to find all uses of special characters in a database. I used the following code to do this:
USE dbName
GO
IF OBJECT_ID('tempdb.dbo.#Results') IS NOT NULL DROP TABLE #Results
GO
[code]...
This will check all tables in the database, but if you want to check specific tables you can uncomment the line in the where clause and specify tables to be checked. The query will return any text fields that have any characters other than letters, numbers or spaces.
This code works fine for me because all the tables in my database have single column primary keys. However I know how much Jeff Moden hates cursors or RBAR queries, so my question is could this have been done by any method other than using a cursor?
I have to export data from SQL Server 2005 express to Access database. I have done many import/export using DTS package via SQL 2000. I don't have BI installed in my SQL SERVER 2005 Express. I understand that I have to use SSIS for sql server 2005. Any help is greatly appreciated.
View 1 Replies View Related
Is there any way to convert an Access or SQL server 2005 database to SQL server 2005 compact edition database??
Thank you very much!!
I want to use SQL Server to query an Access Database with about 40,000 rows of data. If possible, I don't want to upsize the database because others need acess to it in the ACC97 format. Is there a way to use ODBC to connect to the ACC97 database so that I can use the SQL query capability of SQL server to query the database.
I know access allows you to write some SQL queries but I need the power of the SQL server and now it is a matter of curiosity because I've been searching for this answer for about 8 hours.
The following installation:
- Microsoft SQL Server 2005 Standard Edition running on Microsoft Windows Server 2003 Standard Edition
- Client Service for Netware installed.
- Access 2000 database in a Novell Directory Services (NDS) Environment
- SQL Server service running under local Administrator account.
Linked server configured as follow:
Linked server: MyDB
Provider: Microsoft Jet 4.0 OLE DB Provider
Product name: Access 2000
Data Source: UNC path to my Access database
Security: Admin with no password (default Access behaviour)
I can connect to my access database by following the next steps:
- Open Management studio on the SQL Server itself (where I'm logged in as Administrator)
- Connect using Windows Authentication (Administrator)
- Create a new query, run EXEC sp_tables_ex 'MyDB'
This will return all the tables from the Access database.
I can also make a view pointing to MyDB...MyTable.
Enough prove to me It can work....
So far so good
But now the tricky part.
When I login as 'sa', I can't connect and will receive the following message:
OLE DB provider "Microsoft.Jet.OLEDB.4.0" for linked server "MyDB" returned message "'Full UNC to my access database' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.".Msg 7303, Level 16, State 1, Procedure sp_tables_ex, Line 41Cannot initialize the data source object of OLE DB provider "Microsoft.Jet.OLEDB.4.0" for linked server "MyDB".
(In real life I want to connect to my SQL 2005 Server from a ASP.NET (2.0) application using SQL authentication, but as long as I can't get the above working this is not important for now)
I have an Access DB with about 50 tables. When I run the upsize wizard all bur four tables import beautifully, data and all. Four of the tables fail with the message 'Table was skipped, or export failed'
When I try to IMPORT the data I get 100 or so messages like this one:
Warning 0x80047076: Data Flow Task: The output column "AssessPlanPHPID" (23) on output "OLE DB Source Output" (11) and component "Source - tblAssessPlan" (1) is not subsequently used in the Data Flow task. Removing this unused output column can increase Data Flow task performance.
(SQL Server Import and Export Wizard)
And the import fails. Note that the upsize creates the tables just fine, it just won't import the data.
Any ideas?
I apologize for the fonts jumping around.
Hello,
I have a database (SQL 2005) with two schemas (dbo and s1) and with tables defined in dbo and tables defined in s1. The stored procedures are also defined in both schemas, some of them in dbo some of them in s1. Some of the stored procedures query tables from dbo and s1 at the same time.
I want to have a new db role with access to the database only through sps and no other access read/write to the tables. I created a new db role and granted execute permission to it and assigned a user to it.
When I execute stored procedure defined in dbo with query against dbo tables, it works as expected.
However, if I run stored procedure defined in s1 with query to table in dbo, I receive error about missing select permission for the table in dbo. I am not sure why, but I can assume there is an issue with the ownership chain.
I can grand read/write permission for the tables, but this will break our original requirement for limited access to the db only through sp.
The other option is to have another role r2, with read/write, privilege and to use EXECUTE AS r2 in the sp.
I would like to ask first why the error for missing select permission happens and is there another way to have role restricted to only execute permission for all stored procedures.
Thanks,
IT