Prevent ODBC By USER/APP
Jun 20, 2003
Is there a way to monitor all ODBC connections to a MSSQL server and prevent a username/ODBC combination? My problem is that we have many frontends for viewing reports, but we managed them all and users are not allowed to make their own connections. Some users now use MSAccess over ODBC to draw their own reports - they have all the permissions as needed by the other apps.
thanx
Apr 14, 2004
How to prevent connection to db directly through ODBC without using application role?
Could it be done for standard user and domain user?
Thank you
Alex
Apr 17, 2011
Is there a way to prevent a particular user with SQL login from changing their password?
We have an application where we only want to prevent a certain user from changing their password but do not want to use windows authentication?
Dec 12, 2007
Hi,
How can I prevent a colleague from deleting tables in a specific database?
Yes he has access to Enterprise Manager. We would like to allow him read only to the live databases.
Is this possible?
Jun 2, 2015
I manage a hosted environment - several actually. Meaning my company is the host. We provide some of our customers with a dedicated instance of SQL Server that they can use in read-only mode. Unfortunately, I have some very inquisitive customers who probably should be hosting their own SQL. They like to poke into the inner workings of our environment in ways that make me uncomfortable. What I originally found was that they were reading our server registry. I've disabled that. The next thing that bothers me is the amount of information available to them through SERVERPROPERTY. They don't need to know things like physical node of a cluster their instance is on, or the last time we updated SQL, or our licensing choices.
Is there any way to prevent a user from using the SERVERPROPERTY function? I've done a lot of digging and can't seem to find a way to do it.
Apr 28, 2015
We have a user with read, write and execute permissions.
But this user, which is used by a Windows application, is able to back up on the database server (on the C: drive).
How can I prevent it from backing up on the server?
Nov 6, 2015
A vendor did a full backup of his database and put it in some folder not being backed up by TSM. He is the owner of the database, and deleted his backup later. The backup is not copy-only; all the differential and log backups taken are based on his FULL backup, so they cannot be restored.
QUESTION: To prevent this from happening in the future, what are the normal practices? Or is there any way to prevent db_owner from doing an ad-hoc full backup? I am thinking of using DENY backup database, or writing a policy claiming no responsibility if the vendor makes it happen again.
Jan 16, 2012
I created an account with permissions so that my program (I use C#.net) can connect to SQL Server 2008 with this account. But I don't want the user to be able to use this account to log in to the DB through SQL Management Studio, for security purposes. So how do I prevent the user from logging in to SQL Management Studio?
Can I set up "db_denydatareader" on the MASTER db to prevent the access?
Sep 26, 2004
Hello, all:
I am connecting to SQL Server 2000 with a trusted connection, and that is working fine. I then am issuing a SQLGetInfo call to find out the SQL_USER_NAME, which is always returning dbo instead of (my) Windows NT login name, which I expect to see. The authentication is (apparently) confirmed by the SQL Server session monitor where it shows the right Windows NT user name logged in, over ODBC. With a standard SQL Login, untrusted, I definitely get the right user name back, not dbo.
So:
Login Type / user id / returned value from SQLGetInfo
Windows Authentication / Windows login / dbo
SQL Authentication / Windows login (UID) / UID
The problem is that I am trying to confirm that the userid entered in a dialog or passed on the command line to my application matches the actual connected user name inside SQL Server....
My questions:
Is there some pathology in Trusted_Connections that masks the Windows/NT login name and always returns UID 'dbo' from a call to SQLGetInfo? Is there a MSS (public) stored procedure that can robustly give back the logged in user name so I can bypass the SQLGetInfo call?
Dec 12, 2007
Can anyone give a quick description of the meaning of this message and what needs to be done to get a connection.
I'm running DBArtisan with SQL Server 2000 client SP4 installed.
I also get the same message with MS Enterprise Manager so this is coming out of the actual ODBC connection attempt.
Thanks in advance!
Oct 9, 2001
The following error is received when updating a record using Access 97 and an ODBC driver to an Oracle database.
This record has been changed by another user since you started editing it. If you save the record, you will overwrite the changes the other user made.
Any help is greatly appreciated.
Thanks in Advance
Jun 14, 2007
Hi
I am new to this forum so I hope I have got the right one.
The problem I am having is I installed a new server into an office with 25 users. I joined the users to the new domain with new logins.
The server process then installed outlook 2003 onto each machine. Most machines are windows 2000
Problems arose in Sage. I have tied this down to the report designer and ODBC.
On every machine bar 1 the report designer crashed when running a report. The problem like I said was that you cannot now connect to the odbc driver for sage and when you go into odbcad and try to look at the driver you get an error saying
The setup routines for the sage line 50 odbc driver could not be loaded due to system error 127
Then after that comes
Could not load the setup or translator library
I have looked on the net for this error and it tells you to look in the registry to make sure that the odbcinst is pointing to the correct location. I have checked this and it is. I have also checked the security and this seems OK as well.
The next step was I loaded a fresh copy of windows 2000 into a new folder and tried to load the odbc driver again. This failed with the same as above.
This points to the software settings but I cannot find out where.
I was wondering if anyone has had the same problem and could point me in the right direction.
Nov 15, 2007
Does anyone know how I can use a user variable in a sqlcommand in a Datareader source with an ODBC connection as the source?
I am storing a date value in a user variable(Date) I fill with a SQL Task and then want to use the value in the sqlcommand I use in the Datareader Source. It won't let me use the @variablename in the sql command.
Can anyone help with some advice on how I can make this work?
Appreciate any help I can get.
Thank you
Apr 27, 2006
Hi,
I need help with a problem: When trying to process an analysis services project, I receive the following error message -
OLE DB error: OLE DB or ODBC error: Login failed for user 'NT AUTHORITY\LOCAL SERVICE'.; 28000; Cannot open database "DocumentDB" requested by the login. The login failed.; 42000.
I am using the service account for impersonation for the datasource. One suggestion I received from the data-access forum was to grant privileges to the local service for the database. I am not clear about the procedure to do that. Can someone please guide me through this? I am posting this question in this forum since this is an authentication/privilege issue.
- Sanchet
Feb 22, 2005
Hi, all
Recently, I used the following script (somebody else's) to create a database on a remote server. The script is as follows:
/*************************/
CREATE DATABASE [ErrorLog]
GO
Use ErrorLog
CREATE TABLE [dbo].[Errors] (
    [ID] [int] IDENTITY (1, 1) NOT NULL ,
    [SessionID] [char] (12) NULL ,
    [RequestMethod] [char] (5) NULL ,
    [ServerPort] [char] (5) NULL ,
    [HTTPS] [char] (3) NULL ,
    [LocalAddr] [char] (15) NULL ,
    [HostAddress] [char] (15) NULL ,
    [UserAgent] [varchar] (255) NULL ,
    [URL] [varchar] (400) NULL ,
    [CustomerRefID] [varchar] (20) NULL ,
    [FormData] [varchar] (2000),
    [AllHTTP] [varchar] (2000),
    [ErrASPCode] [char] (10) NULL ,
    [ErrNumber] [char] (11) NULL ,
    [ErrSource] [varchar] (255) NULL ,
    [ErrCategory] [varchar] (50) NULL ,
    [ErrFile] [varchar] (255) NULL ,
    [ErrLine] [int] NULL ,
    [ErrColumn] [int] NULL,
    [ErrDescription] [varchar] (1000) NULL ,
    [ErrAspDescription] [varchar] (1000) NULL ,
    [InsertDate] [datetime] NOT NULL
) ON [PRIMARY]
--Create the user "ErrorLog"
if not exists (select * from master.dbo.syslogins where loginname = N'ErrorLog')
BEGIN
    declare @logindb nvarchar(132), @loginlang nvarchar(132)
    select @logindb = N'Navigator', @loginlang = N'us_english'
    if @logindb is null or not exists (select * from master.dbo.sysdatabases where name = @logindb)
        select @logindb = N'master'
    if @loginlang is null or (not exists (select * from master.dbo.syslanguages where name = @loginlang) and @loginlang <> N'us_english')
        select @loginlang = @@language
    exec sp_addlogin N'ErrorLog', 'secret', @logindb, @loginlang
END
GO
if not exists (select * from dbo.sysusers where name = N'ErrorLog' and uid < 16382)
    EXEC sp_grantdbaccess N'ErrorLog', N'ErrorLog'
GO
Grant select, insert On Errors to ErrorLog
/***************************/
In my *.asp program, I used the following string to connect to the database on the remote server.
/********
con.open "dsn=ErrorLog;uid=ErrorLog;pwd=secret;"
********/
The following message comes up:
/********/
Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E4D)
[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'ErrorLog'.
/*********/
What is the problem here?
When I set up the DSN ErrorLOG, I used "abc" userID and password "XXX", which our server database administrator assigned to me. I tested the connection in ODBC, and it is OK.
I just don't get it; the user ErrorLog already had a login ID and was granted access to database errorlog. Any clue? Please help!
Betty
May 8, 2007
Hello,
I am new to SQL Server, sorry for my ignorance !!!
I have installed SQL Server 2005 Express on my desktop (Win 2000 Pro.)
I have created a new database.
I just created a new login/user (SQL Authentication) and when I try to login, it
errors out:
[S0001][unixODBC][Easysoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'test1'
I believe the error is from SQL Server and not from ODBC driver.
I am also only able to connect by using my own userid (the one that I am connected to my desktop): domain\userid, and then I am only able to connect to 'master' db:
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/usr/local/etc>isql SQLSERVER_POS -v
+---------------------------------------+
| Connected! |
| |
| sql-statement |
| help [tablename] |
| quit |
| |
+---------------------------------------+
SQL> use pcspos
[S0001][unixODBC][Easysoft][ODBC SQL Server Driver][SQL Server]Could not locate entry in sysdatabases for database 'pcspos'. No entry found with that name. Make sure that the name is entered correctly.
[ISQL]ERROR: Could not SQLExecute
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
May 14, 2008
Hi all
This job ran fine yesterday; today it failed with this error.
Any suggestion to troubleshoot the problem is appreciated.
DTSRun OnError: DTSStep_DTSTransferObjectsTask_1, Error = -2147203052 (80044814)
Error string: [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Error source: Microsoft SQL-DMO (ODBC SQLState: 28000)
Help file: SQLDMO80.hlp
Help context: 1131
Error Detail Records:
Error: 0 (0); Provider Error: 0 (0)
Error string: [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Error source: Microsoft SQL-DMO (ODBC SQLState: 28000)
Help file: SQLDMO80.hlp
Help context: 1131
DTSRun OnFinish: DTSStep_DTSTransferObjectsTask_1
DTSRun: Package execution complete.
Jun 1, 2015
I am using SSIS 2014 with the below .NET Framework version, installed on Windows Server 2012 R2. I have installed my client's ODBC drivers (both 32-bit and 64-bit) on my production server and created ODBC system DSNs for 32-bit and 64-bit.
When I open SSIS 2014 and try to create the ODBC connection, I am able to see only the 32-bit system DSN connection; I can't see my 64-bit ODBC system DSN connection.
Microsoft Visual Studio 2012 Shell (Integrated)
Version 11.0.50727.1 RTMREL
Microsoft .NET Framework
Version 4.5.51650
SQL Server Integration Services
Microsoft SQL Server Integration Services Designer
Version 12.0.1524.0
I also installed my client's ODBC drivers (32- and 64-bit) and created ODBC system DSNs on my local system, and when I open SSIS 2014 I am able to see both ODBC system DSN (32, 64) connections from the SSIS ODBC connection.
I am using the below version of the .NET Framework on my local system, which is installed on Windows 7. I also have SSIS 2012 installed on my system, and I am able to see both ODBC connections using 2012 as well on my local system.
Microsoft Visual Studio 2012 Shell (Integrated)
Version 11.0.50727.1 RTMREL
Microsoft .NET Framework
Version 4.5.50938
SQL Server Integration Services
Microsoft SQL Server Integration Services Designer
Version 12.0.1524.0
Why can I not see the ODBC 64-bit system DSN connection from SSIS on my production server?
May 13, 2007
Hi,
I am using VB.NET 2005 and set up an ODBC connection via ODBC.ODBCConnection to a MDB database. Therefore, I use the "Microsoft Access ODBC Driver (*.mdb)".
When I set up a ODBCCommand like "ALTER DATABASE..." or "CREATE TABLE..." and issue it with the com.ExecuteNonQuery() command, I get an error from ODBC driver, that a SQL statement has to begin with SELECT, INSERT, UPDATE or DELETE.
How can I use DDL statements via ODBC?
I would appreciate if you could help me to use ODBC for that - no OLE, no ADO.
Thanks for help!
Regards,
Stefan D.
Feb 13, 2007
I apologize if this is not the correct forum for this posting. Looking at the descriptions, it appeared to be the best choice.
I am running Windows XP Pro SP2. I have installed the SQL Native Client for
XP. However, when I try to add a new data source through ODBC Connection
Manager, SQL Native Client is not listed as an option. I have followed this procedure on three other systems with no problems. What would be causing the
SQL Native Client to not show up in the list of available ODBC data sources?
Dec 7, 2006
This is my first time to deploy an asp.net2 web site. Everything is working fine on my local computer but when i published the web site on a remote computer i get the error "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed" (only in pages that try to access the database)
Help pleaseee
Dec 25, 2005
Hi all,
I am having trouble getting linked Oracle 9 server in MS SQL Server 2005 Express to work properly. My machine is running Windows XP.
The Microsoft and Oracle OLE DB Providers have problems dealing with Oracle's Numeric Data Type, so I decided to use Microsoft's OLE DB for ODBC Provider and an Oracle ODBC source. When using the Microsoft ODBC for Oracle Driver in my ODBC source I have inconsistent behavior. Sometimes my queries are processed properly, then other times I get the following error
OLE DB provider "MSDASQL" for linked server "ODBCBEAST" returned message "[Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed".
OLE DB provider "MSDASQL" for linked server "ODBCBEAST" returned message "[Microsoft][ODBC Driver Manager] Driver's SQLSetConnectAttr failed".
OLE DB provider "MSDASQL" for linked server "ODBCBEAST" returned message "[Microsoft][ODBC driver for Oracle][Oracle]".
Msg 7303, Level 16, State 1, Line 1
Cannot initialize the data source object of OLE DB provider "MSDASQL" for linked server "ODBCBEAST".
I have no idea why sometimes I can connect to the linked server with no problems and why other times it performs like this. I'm not changing anything about the system I can think of. When I use an Oracle client (PL/SQL) I have absolutely no problems connecting. TNSPING returns that the connection is good.
This is unacceptable so I decided to try my luck with the Oracle 10g ODBC driver. However when I use this and perform an openquery select against the linked server I get back only 11 rows, when I know that the database has over 100 rows (in fact when using the Microsoft ODBC driver and it works that's what I get). I figured maybe the buffer setting needed to be raised in the ODBC configuration so I took it from 64000 to 600000 (a magnitude of 10) but I still get back only 11 rows. I'm at my wit's end.
Any suggestions on resolving one or the other problem would be much appreciated.
Thanks much
Jan 21, 2007
I am building my first ASP.Net app from scratch and while working on the DAL I came across the problem of SQL Injection. I searched on the web and read different articles but I am still unsure about the answer. My question is should I add
db.AddInParameter(dbCommand, "AvatarImageID", DbType.Int32, avatarImageID);
Add in Parameters to my C# code to avoid SQL Injection. What is the best practice? I am unclear if the stored procedure already helps me avoid SQL Injection or if I need the add in parameters in the C# methods to make it work. I need some help. Thanks, Newbie
My C# update method in the DAL (still working on the code)
private static bool Update(AvatarImageInfo avatarImage)
{
    //Invoke a SQL command and return true if the update was successful.
    db.ExecuteNonQuery("syl_AvatarImageUpdate",
        avatarImage.AvatarImageID,
        avatarImage.DateAdded,
        avatarImage.ImageName,
        avatarImage.ImagePath,
        avatarImage.IsApproved);
    return true;
}
I am using stored procedures to access the data in the database.
My update stored proc
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[syl_AvatarImageUpdate]
    @AvatarImageID int,
    @DateAdded datetime,
    @ImageName nvarchar(64),
    @ImagePath nvarchar(64),
    @IsApproved bit
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;
    BEGIN TRY
        UPDATE [syl_AvatarImages]
        SET
            [DateAdded] = @DateAdded,
            [ImageName] = @ImageName,
            [ImagePath] = @ImagePath,
            [IsApproved] = @IsApproved
        WHERE [AvatarImageID] = @AvatarImageID
        RETURN
    END TRY
    BEGIN CATCH
        --Execute LogError SP
        EXECUTE [dbo].[syl_LogError];
        --Being in a Catch Block indicates failure.
        --Force RETURN to -1 for consistency (other return values are generated, such as -6).
        RETURN -1
    END CATCH
END
May 21, 2008
Have a job that calls a DTS package; the DTS is an Export & Import wizard to copy tables. Someone deleted a table from the source and my job failed last night. Inputs appreciated.
May 29, 2008
I'm going thru my application log, and just seeing what errors are popping up. I have a relatively intense search feature that's causing a lot of deadlocks.
Exception type: SqlException
Exception message: Transaction (Process ID 105) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.
In general, what's the best way to resolve this ?
Should I see if I can apply "WITH (NOLOCK)" to my data ?
Any suggestions are greatly appreciated !
thanks again!
mike123
Nov 22, 2006
Hi
I want to try and protect myself from my own stupidity. I have a number of sql databases, but one is LIVE. It is easy to drop tables but I want to set something (e.g. a password) which will help prevent me from dropping tables on the live database.
Any help/direction here would be appreciated.
Jul 20, 2005
Hi,
I'm using SQL Server 2000 MSDE on a laptop running Windows XP. I have a couple of SP's that take quite some time to compile. So I was wondering: is there any way to have the database *not* recompile them every time after a reboot?
BOL says: "As a database is changed by such actions as adding indexes or changing data in indexed columns, the original query plans used to access its tables should be optimized again by recompiling them. This optimization happens automatically the first time a stored procedure is run after Microsoft® SQL Server™ 2000 is restarted."
Now the SQL Server is restarted a lot, because laptops don't have endless batteries <g>
Cheers,
Bas
Apr 15, 2007
Hello
I noticed a spelling mistake in the data in a column of several tables, I used the following syntax to alter the spelling:
UPDATE [dbo].[Prod_Cat] SET [ProdName]=N'merseyside' WHERE ProdName = 'mmserseyside'
The above code correctly updated the spelling error, but it also inserted a new row with the corrected data.
So I found myself with two Identical rows containing the corrected information. I had to manually delete the extra row. Because if I had put in a DELETE statement, I would have then lost both rows.
What do I need to do to prevent this happening next time. As I find that I need to update the names of some products, but I don't want to duplicate them.
Thanks
Lynn
Oct 18, 2007
How can I prevent duplicate inserts or entries to a table?
Thank you.
Note: I am using SQL Server and coding ASP.net pages in VB.
Jan 24, 2004
This is a question I put in the SQL community at Microsoft, but it hasn't been answered in full
------------
I am using dynamic sql to do a query with differents 'order' sentences and/or 'where' sentences depending on a variable I pass to the sp
ex:
create proc ex
    @orden varchar(100),
    @criterio varchar(100)
as
declare @consulta varchar(4000)
set @consulta = N'select pais from paises where ' + @criterio + ' order by ' + @orden
------------
I'd like to know if it uses 2 sp in the cache, as I read: the main sp and the query inside the variable of the dynamic sql. If so, as I imagine, then I suppose I have to do the main sp without any 'if' sentence to be the same sp, and so taking it from the cache and not recompile the sp
Now, I have various 'if' sentences in the main sp (the caller of the dynamic sql) but I plan to remove them and do the 'if' by program -it is in asp.net-, so I suppose it is better because in this way the main sp is taken from the cache, supposing this uses the cache different than the dynamic sql in the variable
What do u think? Does the dynamic sql use 2 caches? If so, u think it is better to try to do the main sp same in all uses (no 'if' statements)?
-----
They told me this coding is not good (dynamic sql) because it can give control to the user?
I ask, how does it give control to the user? What are sql injection attacks and how to prevent them?
I use dynamic sql because I have 150 queries to do, and thought dynamic sql is good
Is it true that dynamic sql has to be recompiled in each execution? I suppose so only if the sql variable is different, right?
can u help me?
Apr 8, 2004
Hi,
On my site I have a simple textbox which is a keyword search; people type a keyword and then that looks in 3 columns of an SQL database and returns any matches
The code is basic i.e. SELECT * FROM Table WHERE Column1 LIKE '%search%'
There is no validation of what goes into the text box and I am worried about SQL injection; what can I do to minimize the risk?
I have just tried the site and put in two single quotes as the search term; this crashed the script so I know I am vulnerable.
Can anyone help, perhaps point me in the direction of further resources on the subject?
Thanks
Ben
Jun 10, 2004
I have a web form that I use to insert data into a sql database. I want to know how to prevent inserting duplicate records into the database. Thanks.
Mar 22, 2006
I want to be able to read and update a value in the database without entering a race condition.
For example:
User #1 reads a row from the database, changes a value then writes the value back.
User #2 reads the same row AFTER user #1 has read it, but BEFORE user #1 writes it back. User #2 then changes the value and writes it back, overwriting the value that user #1 wrote.
I thought I could do this with transactions, but it just makes user #2 wait until user #1 is done writing before user #2 can write. It doesn't stop user #2 from reading while user #1 has it out.
Does that make sense?