I'm having problems with ftp tasks in SSIS packages where protectionlevel=EncryptSensativeWithPassword. I've used this many times with no problems, but now that I've upgraded to 2005 SP2, It's not working as before.
I have a functioning SSIS package with an FTP download. It works fine on my workstation in the developement environment.
If I load it to the SQL server using Server Manager Studio under my account, I cannot run the package from the server when logged on as Administrator, nor can I schedule it to run under the SQLAgent account as a job. The error mesages are: Unable to connect to FTP server using "FTP Connection Manager" and "The password was not allowed". Obviously the password being sent to the ftp server is wrong, but it was right under developement. Further more, If I log into the server under my account the package runs fine!
If I load the package while logged in as administrator, I can only run the package as administrator. And of course, if I load the package as SQLagent, I can only run the package as SQLagent.
This is not how SSIS packages were operating before I upgraded! In fact I've reloaded some existing packages and found that they now have inherited this behavior (after they have been re-imported)
It looks to me like SSIS is using the EncryptSensativeWithUserKey option, instead of the EncryptSensativeWithPassword option. I'm not sure how to confirm this, short of using a packet sniffer to watch the ftp traffic.
I could switch to PackageConfigurations, but I was happy with the EncryptSensativeWithPassword option, which seemed appropriate for our operation.
Does anyone have any ideas what could be going on, or any suggestions to troubleshoot this? How can I tell if password is encrypted or not?
Can someone recommend me the most efficient protection level for SSIS packages for my environment? I've been doing some reading on this lately, but can't really decide which one to use. The Rely on server storage for encryption (ServerStorage) seems interesting, but I'm unsure if that would work on my environment (Windows Authentication).
Currently I'm saving my packages to my dev server under "Encrypt sensitive data with user key" Protection level, but seems like the passwords for the FTP Connection for instance doesn't get saved when I deploy my package to the server.
Our environment consists of 2 dev servers + 2 prod servers with windows authentication, our SQL Agent Account is a domain account with local admin rights and sysadmin rights on the SQL Server and we try to use proxy accounts to access network resources instead of giving the agent access to everything.
This is what I found on MS's web site. http://technet.microsoft.com/en-us/library/ms141747.aspx http://technet.microsoft.com/en-us/library/ms141053.aspx
Hello, I have a package that contains a connection manager to a DB2 source. The password is configured within the connection mananger. The configuration string was included in the package configurations (SQL Server). The package is saved in VSS, and locally on my hard drive.
When a colleague attempts to open the package is Visual Studio (from VSS), He gets a message similar to the following.
Error 1 Error loading 'Geac_RK502.dtsx' : Failed to remove package protection with error 0x8009000B "Key not valid for use in specified state.". This occurs in the CPackage::LoadFromXML method. . C:Documents and SettingscdunnMy DocumentsVisual Studio 2005ProjectsGeac_RK502Geac_RK502Geac_RK502.dtsx 1 1
I'm very sure the package protection level was to encrypt sensitive data with user key. After he ran into this problem, I tried again to open the package from my computer (the machine that the package was created on) and now I get the same message. If I attempt to open the package anyway, I first get a message that there were errors in the package while it was being loaded, and that the package might be corrupt. After that message, I get one that states the document contains one or more extremely long lines of text....do you still want to open the file. If I click yes, the package opens read only with the following message:
Microsoft Visual Studio is unable to load this document. Failed to remove package protection with error 0x80090008. "Key not valid for use in specified state". This occurs iin the CPackage:LoadFromXML method.
I'm looking into more information about package protection. What can I do to avoid this problem, and what protection level should I be using so that my colleague can open the package? How can I correct the problem with this particular package, and have the package open?
I have a problem while trying to deploy my packages that are configured in ProtectionLevel=EncryptSensitiveWithUserPassword
I use the Deployment Utility to deploy my packages. I set the password when deploying and the deplyment works fine. But I run the packages I have the following error : " Failed to decrypt an encrypted XML node because the password was not specified or not correct."
For those of you who have had a hard time like me trying to figure out using Protection level for an SSIS package whilst deploying the package via the SQL Server Agent, here is a piece of advice:
Firstly the protection level is set by Default to - "EncryptSensitivewithUserKey".
The encryption actually takes place only if you have things like - passwords etc..
From my experience - using both - "EncryptSensitivewithUserKey" and "EncryptSensitivewithPassword" Security features have turned out to be unreliable when deploying through SQL Server Agent (even while using a Proxy account having all previliges).
This is it seems because of issues with the user who created the package being different from the user who deployed the package. (which is really ridiculous).
So I used the ProtectionLevel - "DontSaveSensitive" - which means it is not going to encrypt anything in the package and so ur sensitive information would be blank. You would have to then supply your password etc using a configuration XML file. - using SSIS "Package configuation" in your menu....
This has been the most reliable way of solving the whole problem with encryption.
bear in mind that you might want to put the XML file in a secure location to which no one else has access to.
I am currently designing a SSIS package that will migrate data from Syabse to Sql server. If these packages are to be deployed to file system (as this is one time run for migrating data) or to SSIS catalog or to Sql server.
Also, I have not changed the default protection level value in packages during design time and would like to know if I have to change it while handling the deployment using DTutil (yes, i need to deploy & execute using command line utilities).
Please note that I do not have access to PROD, UAT environments and deployment team will use my BAT file that is expected to deploy and execute the packages.
Can anyone explain to me why my ssis packages will not work when DontSaveSensitive protection level is selected? My package configurations are set as SQL server configuration type, and I have a table in a database that contains all the sensitive information (passwords and such). If I select "EncryptSensitiveWithUserKey" everything works, but I will be the only one able to execute the packages (not good, I need others to be able to execute them as well).
The error I'm getting tells me that the connection is not configured correctly or I may not have the right permissions on the connection.
My guess is that the DontSaveSensitive drops the passwords, but when I edit the data source and re-enter the password, it still does not work. Also, the database table I use that contains the sensitive data is not affected, all data remains.
What the fudge is going on here? I'm a newbie at this, can someone help me out?
I made a merge replication and sucessfully connected with mobile device. Everything works fine. Because I wanna try asynchronous synchronization (which won't stop my application executing when subscribing) I read How to example from MSDN : http://msdn2.microsoft.com/en-us/library/ms172391.aspx But there is a problem with creating SyncStatus class object. I can't get into it and I can't create. maybe some reference will help? (I use reference to SQLServerCE). This error stoped my work for now, so I am waiting for some answers.
And if it's simple resolution for this problem - sorry. I just started programming applications for Mobile Devices.
I have created a new SSRS Server and done all of the basic security setup for the site but I am having trouble with client machine access...At first I had an issue with being able to access report manager from any client and ended up having to shut off windows authentication on the client IE settings to get it to work. Now I am trying to run Report Builder from a client machine and it will not download. The client machine is on the same domain and my user id is set as an administrator within SSRS and as a local admin on the 2008 server.Â
I had the thought that without windows auth in the browser maybe it can't permit me access to the application but if I turn it on I can't get to it to download it. I have set Full Control rights to the folder as well. Most of the info out there is for 2005 and that uses IIS to host the pages where as 2008 does not. Here is the details of the error:
PLATFORM VERSION INFO Windows    : 6.1.7600.0 (Win32NT) Common Language Runtime  : 2.0.50727.4927 System.Deployment.dll   : 2.0.50727.4927 (NetFXspW7.050727-4900) mscorwks.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900) dfdll.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900) dfshim.dll    : 2.0.50727.4927 (NetFXspW7.050727-4900)
I'm trying to protect a package... using an owner password. After I create an owner password and generate a dts command line from DTSRunUI... it puts the package password in the string. Basically if someone goes into the job and looks at this line they have the password to open the package...
We can not remove the builtin administrators group from the machine therefore system admins that want to poke around into our work can do so.... any suggestions......
Alright, so I have a basic search function to look through a field in my database which is decided by a query string. <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:DatabaseConnectionString %>" SelectCommand="SELECT * FROM [Employee] WHERE ([Responsibilities] LIKE '%' + @Responsibilities + '%')"> <SelectParameters> <asp:QueryStringParameter Name="Responsibilities" QueryStringField="q" Type="String" /> </SelectParameters> </asp:SqlDataSource> But, I'd really like to fix it using parameterized SQL queries, so that people aren't dropping my tables. >_>I've been lookin' around for some code on how to do this in C#.NET, and most of them seem to look like this: SqlConnection objConnection = new SqlConnection(_ConnectionString);objConnection.Open();SqlCommand objCommand = new SqlCommand( "SELECT * FROM User WHERE Name = @Name AND Password = @Password", objConnection);objCommand.Parameters.Add("@Name", NameTextBox.Text);objCommand.Parameters.Add("@Password", PasswordTextBox.Text);SqlDataReader objReader = objCommand.ExecuteReader(); My problem is that I don't know how really know how to go from my code to this code... I mean, would I throw the latter in my backend code and call what it returns as a string, would I entirely replace my Datasource and do soemthin' with the code? Any help, in the form of tutorials or just straight up tellin' me here, would be greatly appreciated.Thanks. =D
Hello all, I'm using the following code to query my database... public static void InsertsComments(string Comments, string TagID, string UserName) { SqlCommand cmd = new SqlCommand("insert into TG_UserComments (Comments, Tag_ID, UserName) values (@Comments, @TagID, @UserName)", conn); conn.Open(); cmd.Parameters.Add(new SqlParameter("@Comments", Comments)); cmd.Parameters.Add(new SqlParameter("@TagID", TagID)); cmd.Parameters.Add(new SqlParameter("@UserName", UserName)); cmd.ExecuteNonQuery(); conn.Close(); } My first question is, should I be making @Comments, @TagID, @UserName a little more cryptic? Liks @CommDBQ23 or something? Does that make it safer? Also, I'm going to use stored procs query the database, instead of how I'm doing it above. What would I need to change in the code to do this? Obviously I'd need to call a stored proc on the server, but can I still protect myself from sql injections with the above code? Is there anything else I should be doing to secure my application at this level? Thanks! Matty
I've developed a database driven web app in ASP.NET and ready to deploy to my customer. However, I'd like to know is there any way to encrypt / protect the source of my stored procedure and view in SQL Server? My web app make heavily use of SPROCs and DB Views and I don't want my client to view / alter it, compared with the web app, I can compile it into a .DLL file and remove all business logic, any similar thing in SQL world?
I would like to build a standard BI solution based on MS SQL2008 - integration services, analysis service and reoprting services.
This stardard BI solution can be distributed to multi customers - however I want to protect the source code so customers cant access the code.
I would like to be able to ecrypt or protect the solution - so the customer only get the "executable" but they cant access the soruce code. This is to protect my intellectual property.
Kindly advise if there are any way to achive this objective in SQL2008.
I did some research in SQL 2005 long time back - but I was unable to find resolution to protect the intellectual property.
I would be extremely pleased to get some good advise on how to protect IP in SQL 2008.
we are using sql server 2000 and it's on a remote system. One of the databases "Dbase1" went to Suspect mode. when we checked both the .mdf and .ldf files were missing from the Server. they were not there at all. Is there any way to recover the databse. To make it more secure what are the possibilities which we can use so that in future we should be able to restore our databse.
I have a question that I am sure that others have had to deal with in the past. I am writing business requirements for a web application that stores names, addresses, etc. I have hit a bit of a problem in design with allowing users to enter data they need, like the name O'Brien, and developers saying that allowing the single quote in a field could allow for an injection attack. Developers want to strip out single quotes when they occur in the data, however the users are insistent that names and addresses that have single quotes in them are shown properly.
Is there any middle ground so that the system can be built to avoid an injection, but still allow data to be entered as intended.
I just installed SQL7.0 on a windows 98 machine. When I go to register a new database, I get the following message. MMC caused a general protection fault
I have rebooted the machine, removed & reinstalled the application.
All: I am aware that I am raising an issue/question that has quite a number of ancestors in this forum. In reviewing some of the threads I still believe my situation has a bit of a twist; but that could just be me.
The process I used until a change I made recently worked just fine. A handful of my packages connect to our ERP system that only supports an ODBC connection. I set the Protection Level to the default, and then deploy the packages to the server. I use an agent to run the jobs that include these packages as steps. I have hardcoded the userID and password in the SQL jobs and so they have run fine.
In an effort to reduce maintenance on the packages I decided to run the packages from the File System instead of deploying them to the server. Now, the packages are not running as I have not changes the Protection Level yet. I did test running one of the packages using a Proxy I have created but that does not work either.
Based upon what I have read it appears that the first thing I need to do is change the Protection Level to DoNotSaveSensitive. How do I then pass the ID and password to the agent?
a. Create a confirguation file? b. Create a package template? c. Both of the above
To reiterate I do not wish to deploy the packages to the server; I prefer to run the packages from the File System. Further, I just have one box on which everything happens; there are no migration issues across servers.
Some insights from this group will be greatly appreciated.
1) How much does setting encryption cost in terms of speed of querying and cpu usage? 2) If encryption is not set, is the password "encrypted" when its sent with the initialization routine?
I have created a web site containing a login control. It works great on my local machine, but when I copy it to the server, I get the following error when I try to login to the website: Server Error in '/mrallensclass' Application.
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
How can we control the accesses to a SQL Server that has been deployed on customer site? Basically, we do not want user to log in the database server, even as sa, except through our application.
I want to perform column level and database level encryption/decryption.... Does any body have that code written in C# or VB.NET for AES-128, AES-192, AES-256 algorithms... I have got code for single string... but i want to encrypt/decrypt columns and sometimes the whole database... Can anybody help me out... If you have Store procedure in SQL for the same then also it ll do... Thanks in advance
I am experiencing a problem while performing failover testing on 2005 Standard. I have an application which uses an ODBC connection SQL Native Client with a failover partner.
The following is the series of events that cause the problem. I am using a domain admin account whilst testing which has a server login on both servers with the same privileges.
Server A (Principle) Server B (Mirror) **Application can connect**
Manual failover
Server A (Mirror) Server B (Principle) **Application can connect following a restart**
Server A is switched off
Server B (Principle, disconnected) **Application continues working**
***restarting the application the following error occurs***
€œConnection Failed SQLState 08001 SQL Server Error 53 [Microsoft][SQL Native Client]Named Pipes Provider: Could not open a connectionto SQL Server [53]. Connection failed: SQLState: '08001' SQL Server Error: 53 [Microsoft][SQL Native Client]An error has occured while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. Connection failed: SQLState: 'S1T00' SQL Server Error: 0 [Microsoft][SQL Native Client]Login timeout expired€œ
Our SSIS packages use the Web Service Task to call services to send email and write package failure data to a department wide database. These Web Service Calls are failing with HTTP 401 errors. It was caused by the passwords for the HTTP connections not being saved when the SSIS pkgs were saved to .dtsx files. I have tried saving the package with a password and the EncryptSensitiveWithPassword protection option. This password can be supplied when the package is called from another package or a package is executed in Visual Studio but cannot be supplied to DTexec to execute the package in a job. DTexec does have a /Password parameter but it is rejected if the package is loaded from a .dtsx file. This appears to be a bug in DTexec. It only accepts the /Password parameter when the package is loaded with the /SQL option. Specifying /Password and /File is not supported.
Is this a known bug? Are there any workarounds? Has anyone successfully called a Web Service from SSIS executed via DTexec?
We have few C# binaries that contains definition of CLR functions, and one stored procedure to install / create them in our database. Recently when dropping and recreating the CLR function using our stored procedure, it failed with below error:
Error/info returned: [Microsoft][ODBC SQL Server Driver][SQL Server]This server is Information Protection configured. Only the sql server web application can be used for this function. ([URL])[Microsoft][ODBC SQL Server Driver][SQL Server]The transaction ended in the trigger. The batch has been aborted.
Basically our stored procedure has standard steps to create asymmetric key for each of our C# binary and create login for that key and then grant unsafe assembly permissions to those logins.
It sets show advanced options, clr enabled, and ole automation procedures options. It then using create assembly (for each c# binary with permission_set = unsafe) and create function constructs to create clr functions in SQL server.
When you utilize transactions in ADO.NET are the locks put on the entire TABLE used or at the row level? For instance if you do a SELECT within a transaction if you only pull 5 rows out of a 1000 row table can you just make it lock the rows that have been pulled? It seems like it locks the entire table?
Hi, Can anybody please explain me, what is low level and high level locking in SQL Server 2005 database. Also what is the name of process which converts low level locking into high level locking and vise versa. -Sanjeev
Hi..I'd very much appreciate it if someone would tell me how to translatea statement level trigger written in Oracle to its equivalent (if there isone)in MS SQL Server. Ditto for a row level trigger.If this is an old topic, I apologize. I'm very much a newbie to SQL Server.Regards,Allan M. Hart
The relationship between state and sales region is n:1, i.e. one state belongs to exactly one sales region, and one sales region can consists of one or multiple states.  Unfortunatly I can't define this attribute relationsship in the dimension because it would lead to a diamond-shaped relationsship without a user-defined-hierarchy to back it up. So far that isn't much of a problem, user don't drill down from sales region to state. But now I want to define a calculated member that multiplies a measure from the main measure group with another measure from a weighting factor measure group at the state level and above. The granularity attribute of the geography dimension in the dimension usage tab of the weighting factor measuregroup is the state.Â
So far what I've got is:
CREATE MEMBER Currentcube.Measures.[weighted measure state and above] AS NULL; SCOPE (Measures.[weighted measure state and above], Descendants(geography.[political territory].[all member],3,SELF_AND_BEFORE), Descendants(geography.[salesterritory].[all member],2,SELF_AND_BEFORE), ... Descendants(geography.[hierarchy 9].[all member],1,SELF_AND_BEFORE)); this = sum(existing(geography.[political territory].state.members), measures.[main measure group measure] * measures.[weighting measure group measure]);END SCOPE;
This works from a functional point of view, but is rather slow when querying any other hierarchy than the political territory hierarchy, because SSAS first goes down from the state level to the key attribute of the geography dimension, and then aggregates from there to the sales region.In other words, I want SSAS to resolve the relationsship (which state belongs to which sales region) through the dimension, and not through the fact, and apply the calculation afterwards. Like some kind of currency conversion, but only from a certain level upwards.
Is there a way to configure mirroring to go from High Availability to High Protection without having to reconfigure Database Mirroring? Using the interface in Management Studio, I can change the configuration option to High Performance, but not High Protection despite both of them being Synchronous.
If not, what are the recommended steps to configure the mirror once it already has been configured? Is just like initially setting up the mirror or would there be any shortcuts I could take? If I stop the mirroring and remove the witness, will the High Protection option be available?
I had a view in which I did something like this isnull(fld,val) as 'alias'
when I assign a value to this in the client (vb 6.0) it works ok in sql2000 but fails in 2005. When I change the query to fld as 'alias' then it works ok in sql 2005 . why ?? I still have sql 2000 (8.0) compatability.
Also some queries which are pretty badly written run on sql 2000 but dont run at all in sql 2005 ???
any clues or answers ?? it is some configuration issue ?