Remote Access - How To && Security Concerns

May 4, 2006

Is anyone familiar with how to enable remote access to SQL Server 2000? ...and what are you security issues surrounding this?

Any help appreciated.

Adamus

View 5 Replies


ADVERTISEMENT

Security Concerns

Jun 13, 2007

I have a web application where I allow the user to specify the select statement and the where clause. Basically I will receive two strings, first being the select and second being the where clause. Then I will structure the final sql statement as "SELECT " + first_string + " FROM Table_Name + " WHERE " + second_string.
I understand there are big security concerns by opening up SQL server like this, but I have no choice at this time. What should I look for in the select statement and where clause? Any tips or suggestions are appreciated!
Penn

View 1 Replies View Related

Security Concerns

Oct 2, 2007

Hi,

Wondered if you peeps could offer me some advice on this. The company i'm working for has recently invested in a massive bespoke CRM system. The software company thats worked on it has today specified the servers for the new system, just want to check what they're telling us.

Two servers, one front end running IIS and .NET, one backend running MySQL.

They said its essential that a hardware firewall is placed in between the servers and the back end machine is not directly assessable from the internet. They've told the directors all the usual scare tactics that the customer data is at risk if we dont have this - personally I think they're just pushing they're own hosting solution.

So, question is - is MySQL that insecure that it needs to be firewalled off?

Our hosting company is looking at about £2000 for the firewall and configuration. Is that nessessary?

I suggested IPSec on the servers as an alternative, they rubbished that saying its not secure enough.

Any advice appreciated

Thanks

View 10 Replies View Related

Security - Remote Access

May 4, 2007

I'm creating an app that will connect to a central sql server 2005 (hosted on a Win2003 server with Windows Firewall on). I added sqlservr.exe and sqlbrowser.exe to the firewall exceptions to allow for remote connections. Now, an admin I know is telling me that this is not secure and we must configure those 2 exe's to only be accessed by certain IP addresses. I want to make sure the database is very secure, but this sounds like overkill. ??

Questions:
Is this necessary (to limit access to these 2 exe's to certain IP addresses)?
How would I be able to distribute my application to different users if this is so?
How can I make sure that the SQL Server won't get "attacked" or "hacked"?

Mel

View 6 Replies View Related

Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted

Jun 27, 2007

I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:



An error has occurred during report processing.

Query execution failed for data set 'spName'.

Access to the remote server is denied because the current security context is not trusted.



A few facts ...

The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:

SELECT x.FieldName as OracleField

,y.FieldName as SSfield

FROM OracleLinkedServer..DatabaseName.TableName x

LEFT JOIN Server1.dbo.TableName y

The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;

SELECT 'ABC' as OracleField

,y.FieldName as SSfield

FROM Server1.dbo.TableName y

The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:

Select -- A Custom Datasource

Connection Type: Microsoft SQL Server

Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName

Select -- Credentials stored securly in the report server

Username: UserName

Password: Password

Check -- Use as Windows credentials when connecting the the data source

Check -- Impersonate the authenticated user ...



(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)



Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?



To everyone, thanks for reading!



~ Delora









View 2 Replies View Related

Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.

Aug 25, 2006

Hello,

In SQL 2005, from a stored procedure in a local database I am attempting to execute a remote stored procedure in another database on another server. I am getting the error referred to in the Subject when the local stored procedure tries to execute the remote stored procedure. A couple of comments:

The remote database is set up as a linked server in the local database. As part of the linked server definition I selected the 'be made using this security context', and provided a local user name and password.
The remote database is set to Trustworthy.
I have tried every combination of WITH Execute As on the remote stored procedure but nothing works.
I can query against the remote database successfully within Management Studio. I can even execute the remote stored procedure successfully from within M.S., but not from within my local stored procedure when it is run.

Thank you for your help on this - Amos.

View 17 Replies View Related

Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted

Jun 27, 2007

I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:



An error has occurred during report processing.

Query execution failed for data set 'spName'.

Access to the remote server is denied because the current security context is not trusted.



A few facts ...

The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:

SELECT x.FieldName as OracleField

,y.FieldName as SSfield

FROM OracleLinkedServer..DatabaseName.TableName x

LEFT JOIN Server1.dbo.TableName y

The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;

SELECT 'ABC' as OracleField

,y.FieldName as SSfield

FROM Server1.dbo.TableName y

The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:

Select -- A Custom Datasource

Connection Type: Microsoft SQL Server

Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName

Select -- Credentials stored securly in the report server

Username: UserName

Password: Password

Check -- Use as Windows credentials when connecting the the data source

Check -- Impersonate the authenticated user ...



(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)



Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?



To everyone, thanks for reading!



~ Delora









View 1 Replies View Related

SQL 2012 :: Access To Remote Server Is Denied - Current Security Context Is Not Trusted

Feb 10, 2014

We've got 3 SQL Servers all SQL Server 2012. We have a Master server and 2 production servers (let's call them A and B). The Master has linked servers defined for both A and B in an identical way.

A and B both have the same databases and each has a Stored Proc that gets called by the Master server.
An SQL Agent job executes the stored proc on both A and B.
It works fine against A but not B.

If we execute the stored proc in a query window under our windows account (domainowner) it works, if we use SetUser to pretend to be the SQL Server Agent account (let's call it domainagent) A works and B doesn't.

Executing against B returns the error "Access to the remote server is denied because the current security context is not trusted."

domainagent is a sysadmin on both Server A and B.

Trustworthy is set to ON in both the Master Server Database it's executing from and the remote databases on both A and B.

All 3 databases have the same owner (let's call it domainowner).

View 5 Replies View Related

For Remus - Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.

Aug 25, 2006

Remus (or anyone who can help) -

I am sorry for posting this question here. The only reason I am doing so is because Remus answered a question similar to this late last year, but I couldn't get access to the whole thread.

In SQL 2005, from a stored procedure in a local database I am attempting to execute a remote stored procedure in another database on another server. I am getting the error referred to in the Subject when the local stored procedure tries to execute the remote stored procedure. A couple of comments:

a.. The remote database is set up as a linked server in the local database. As part of the linked server definition I selected the 'be made using this security context', and provided a local user name and password.
b.. The remote database is set to Trustworthy.
c.. I have tried every combination of WITH Execute As on the remote stored procedure but nothing works.
d.. I can query against the remote database successfully within Management Studio. I can even execute the remote stored procedure successfully from within M.S., but not from within my local stored procedure when it is run.


Thank you for your help on this - Amos.

View 1 Replies View Related

Error 15274: Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.

Sep 12, 2007

Hi,

I have a stored procedure servicing a queue (sql 2005).
The stored procedure updates some data in a different server and database.
If the queue contains messages and I execute manually the stored procedure, I don't have any problem at all.
However, if I set the queue to use the same stored procedure, it gives me the following error:

Error 15274: Access to the remote server is denied because the current security context is not trusted.

Any ideas?

Thanks,

Aron

View 4 Replies View Related

Code Access Security Across Multiple Assembly Security Extension

Oct 14, 2005

Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.

View 9 Replies View Related

Remote Access Server Configuration Option And Remote Query Timeout?

Jun 2, 2015

- When I disable "allow remote connections to this server" from server properties>connection page, I can still remotely connect to the server from SSMS...so what is the impact of enable/disabling it?

- what is the impact of changing the remote query timeout (on the same page) from default value?

View 4 Replies View Related

Windows Update Concerns For A SQL Server

Jan 10, 2008

Is there anything special that I need to worry about in regards to Windows Updates on SQL Servers? I do not have a good development environment yet so testing them first really isn't feasable. (This is going to change very soon. I'm just waiting on a fiber card so I can connect the Dev server to a RAID.) The SQL Servers are pretty far back in regards to MS updates so I want to make sure I won't do any damage to the DBs or SQL Server itself. The first update that I am going to install is Windows Server 2003 Service Pack 2.

Thanks.

View 1 Replies View Related

Remote View Security

Oct 21, 2007

We have a Foxpro database on our local machine and a shared sql server database on our remote machine. We have created a remove view that updates or inserts data into the sql server db using the local foxpro data.

What is the recommended way to secure these updates or inserts? We're worried that since our data is not encrypted, it is a security risk.

Thanks in advance.

View 3 Replies View Related

Basic Security Question For Remote App

May 1, 2007

I'm designing a C# winforms app that will be used by 500 customers/companies. The customers will use the app to edit data for their company on the remote SQL Server. What's the best way to manage security in terms of logins/passwords? Should each user have a different login? (probably not) Or should the application have it's own login/password that is encrypted and the user never knows what the login/password is?

Also, is it necessary to use Web Services for this application? Any other thoughts/comments are very welcome.

View 4 Replies View Related

Newbie To Remote SQL 2005 Express - Need Roles/security Advice

Aug 30, 2006

Hi,I'm
building an asp.net website using web developer express and I have a
SQL 2005 express install on the same machine.  Using windows security,
everything works fine for development.Now I need to get it working at the client site, where the web server and SQL 2005 Express are on different machines.I'd
tried using windows authentication but that didn't work, probably
wasn't doing it correctly.  I'd like to try SQL Authentication, at least temporarily, since I
can replicate that on my laptop at home easily I think.I created a new SQL login but was really baffled by the screens showing roles and schemas, etc.   There's so many roles to choose from and wasn't sure if this new login needed to own any schemas. I
did turn on remote connections and mixed-mode authentication, the
probably now is my asp.net membership provider login page isn't
authenticating correctly, maybe my permissions are wrong on the
aspnet_.....  tables for users, roles, profiles, etc. Any advice?thanks,Bruce

View 3 Replies View Related

MS Access Security

Jan 3, 2006

Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.

Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.

Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.

Any help to resolve this issue would be appreciated.

Napatan

View 2 Replies View Related

Security Access

Aug 24, 2006

I would like some clarification please...

I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.

Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??

Ex: Windows groupname = SQLConnect Default db = Anydb

Anydb has groupname SQLConnect connect permissions

Windows username = test1 (is member of SQLConnect group)

Problem: test1 trys to login but gets an error that they can't connect to default db...

View 1 Replies View Related

How To Access The DB With Integrated Security

May 11, 2007

Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX

View 3 Replies View Related

SQL Server Access/Security

Aug 22, 2001

In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?

Thanks.

Helen

View 1 Replies View Related

SQL 7 Security And Access 97 Front End

Jan 26, 2001

I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.

Am I doing something wrong?

Thanks, Michael.

View 1 Replies View Related

Microsoft Access Security

Jan 20, 2004

I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.

CAN ANYONE EXPLAIN WHAT IS HAPPENING.

ANY HELP WILL BE APPRECIATED

THANKING YOU IN ADVANCE

JOSEPH FORD

View 14 Replies View Related

Security With Web-based Access

Jul 20, 2005

First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?

View 7 Replies View Related

Security - Admin Access

Mar 22, 2007

How do I grant admin access to a windows account withou having them a part of the administrators group...

I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?



Thanks

Chris

View 2 Replies View Related

MS Access - Security Timestamp.

Mar 27, 2007

I need a simple way of capturing who updated what in an Access database.

User wants to know for each field in each table.

I think it's to much for Access to handle.

Any ideas?

A.

View 1 Replies View Related

Please Help With Remote SQL Access

Jul 22, 2005

Hi
I have a web application and SQL database on separate SQL 2000 server. I have no admin rights to these servers.The ISP gave me a VPN connection and password to manager my database.If i run the application from my home computer WITH the VPN connected the application works fine.However if i disconnect the VPN or try to run the application from the remote server i get this error:SQL Server does not exist or access deniedI have researched this problem extensively and CANNOT find a solution. The application and SQL 2000 database server are on different computers. The SQL user id and password are different from the VPN connection's.My web config looks like this:<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="mappedname" value="username"/>
<add key="mappedkey" value="password"/>
</appSettings>
<system.web>
<globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
And the application connection string is as follows:Dim usersql As String = System.Configuration.ConfigurationSettings.AppSettings("mappedname")
Dim passsql As String = System.Configuration.ConfigurationSettings.AppSettings("mappedkey")
connectionString = "data source=xxx.xxx.xxx.xxx;initial catalog=databasename;"
connectionString &= ";user id=" & usersql
connectionString &= ";password=" & passsql
I am obviously missing something. Not sure what or how to pass the permissions on properly.Can some kind soul please help me with this problemThank YouJeff

View 1 Replies View Related

Remote Access

Oct 26, 2000

How can I access Sql server via a remote access tools. I want to be able to use somekind of software to be able to work on a server as if I am physically there. I would appreicate your input about this issue.

Ali

View 1 Replies View Related

Cannot Access The Security Page In ASP.Net Configuration

Mar 9, 2007

Hi,
 Im developing an application in Visual Web Developer with an MS SQL Server Database.
I have Visual Web Developer Express edition installed on my machine and i had MS SQL Server 2005 Express Edition and everything was fine.
However i need to use SQL Server Agent to develop a job and this is not included in the express Edition of Ms SQL Server 2005 Express Edition.
So i installed the 2005 developer edition of MS SQL Server.
Now Im currently getting the following error when i access the security page in the ASP.Net Configuration page
 
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
 
Anyone tell me how i can fix this error?
 
 

View 4 Replies View Related

Security Access Permissions To Run Job (Urgent)

Jun 22, 2000

What kind of permissions do you need to be able to run a job created by another user or sa if you are not the job owner and don't have any sys admin priveldges??

View 1 Replies View Related

IIS Access To SQL Server With Trusted Security

Dec 7, 2000

Does anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.

Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.

We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).

Any help would be really appreciated.

Thanks

View 1 Replies View Related

Need Access-like Security Of SQL Server Express

Jun 8, 2007

Is there a way to implement Access-like password protection on a SQL Server Express dataset?



The database will be deployed on individual's PCs with no centralization of control. I want to restrict users from being able to see table definitions, stored procedures, etc. Access-like password protection is what I want, but I don't see any similar feature within SQL Server Express. Am I missing something?

View 1 Replies View Related

Basic Security Differences Between SQL And Access

Jan 16, 2008

Ok, I know it's a really basic question but I'm hoping someone will humor me. Not being a database expert I am wondering what the basic security differences are between a SQL server db and an Access db. What makes SQL a more secure choice for confidential information over Access.

I know from a useability SQL is the better choice being a multiuser access platform but I am not familar with security mechanisms employed.

I appreciate any info on this.

Thank you.

View 1 Replies View Related

SQL Express On Vista - No Security Access.

Jan 17, 2008

I installed SQLE 2005 on vista home prem, and when I go to the studio and attempt to create a database, I get the message below. I am running under an admin account, but the system sees me as a standard user.

Do I need to re-install and tell the system to allow me to log on via. an ID/PW?

Is there a vista patch?

Should I re-install XP?

Also, not having this issue with the same SQLE version and an XP machine.

Thanks



TITLE: Microsoft SQL Server Management Studio Express------------------------------Create failed for Database 'test'. (Microsoft.SqlServer.Express.Smo)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Database&LinkId=20476------------------------------ADDITIONAL INFORMATION:An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)------------------------------CREATE DATABASE permission denied in database 'master'. (Microsoft SQL Server, Error: 262)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.3042&EvtSrc=MSSQLServer&EvtID=262&LinkId=20476------------------------------

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved