SQL 2012 :: Can Hacker Obtain Database Information From Unencrypted Differential Backup?
Sep 24, 2015
We are getting a security audit for the company I work for and got this question recently, and while my answer would be "everything is possible", I know that DIFFs alone can't restore a SQL database.
Having said that (and don't want to read hypothetical comments) how can a hacker read confidential information from an unencrypted DIFF backup? Let's say he steals the DIFF backup alone.
Using Ola Hallengren's scripts I do a full backup of a database on a Sunday. Then differential backups every 6 hours and log backups every hour. I would like to keep a full week of backups based off the full backup done on Sunday. Is there a way for me to clear out the diff and log folders after the successful full backup on Sunday nights?
I have a database that is just over 1.5GB and the Full backup that is 13GB not sure how this is since we have compression on for full backups and my other full backups are much smaller than there respective databases...Now my full backup is taken every Sunday night and the differentials are taken every 6 hours after the full backup. Now I have been thrown into this DBA role with little to no experience just what I have picked up and read. So my understanding of backups are limited but what I think I understand is that we take a full backup and the differential only captures what changes in the database so my question is why is my database 1.5GB but my differential is 15.4GB? I have others database that are on the same instance and don't seem to have this problem. I also just noticed that we do not rebuild the index before a full backup like we do on other instances...
Standard Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 1)
When i attempt to take differentail backup i receieved following message
"Cannot perform a differential backup for database "abc", because a current database backup does not exist. Perform a full database backup by reissuing BACKUP DATABASE, omitting the WITH DIFFERENTIAL option. [SQLSTATE 42000] (Error 3035) BACKUP DATABASE is terminating abnormally. [SQLSTATE 42000] (Error 3013)."
when i search this msg on net than i find that it is microsoft bug 863 so i found hotfixes about this problem and tried to install but unable to install (On installation screen select feature i am unable to click on check box)
Can any one help me regarding to this issue .And more is.. full back of db "abc" exists and i never changed its location nor rename file name.
receive an error: "Cannot perform a differential backup for database ..., because a current database backup does not exist." Can't fully understand what to do with this.
I have done a full backup on 3pm, and a differential backup on everyday 5pm.
I try to restore it back in my testing server and i encounter the problem in restoring the File3 and i try to restore the File 2 and it is okie. Can i know wat is the problem usually cause this error? Thank you
== I asked this question directly to Remus and wanted to share the response to all of those people using this forum == We recently moved our database server from SQL Server 2000 to SQL Server 2005. All applications on our intranet development server stay the same [VS.NET 2003], but recently resources in our Dev DB server ran out of space. While doing a thorough investigation, I noticed ERRORLOG file was occupying about 35 Gig of HDD space. I immediately checked SQL Server error log and noticed an entry which says €“ =========================================================================================== Date 7/7/2006 4:45:37 PM Log SQL Server (Current - 7/7/2006 4:45:00 PM)
Source spid77s
Message The activated proc [dbo].[SqlQueryNotificationStoredProcedure-5eaf8465-d0cb-4be7-93b6-44bb979dd41c] running on queue BW_Content.dbo.SqlQueryNotificationService-5eaf8465-d0cb-4be7-93b6-44bb979dd41c output the following: 'Could not obtain information about Windows NT group/user 'BWCINCHoffK', error code 0x534.' ===========================================================================================
What is this SqlQueryNotificationService in my database? Is it a SQL Server 2005 thing? Why the same kind of stored procedure does not exist in other databases, but BW_Content? This error is getting repeated most probably every second and is filling up our server. I believe our corporate IT people removed our domain accounts from BWCINC domain to BWCORP domain and probably some application which is using BWCINCHoffK credential is getting errored out. I tried to locate this application and was not successful. Is there anyway that I can stop this ERRORLOG from growing? How can I delete these log entries so that I can make space on our Hard Drive? Is there an easy way in SQL Server 2005 to locate which application is creating this error? Response from Remus: The 'SqlQueryNotificationService-...' is the service created by SqlDependency when you call SqlDependency.Start (). The problem you describe appears because the 'dbo' user of the database is mapped to the login that originally created this database. The SqlDependency created queue has an EXECUTE AS OWNER clause, owner is 'dbo' and therefore this is equivalent to an EXECUTE AS USER = 'dbo'. The error you see is reported by the domain controller when asked to give information about the original account 'dbo' mapps to (that is, BWCINCHoffK'): Error code: (Win32) 0x534 (1332) - No mapping between account names and security IDs was done.
To solve the issue, change 'dbo' to match a correct login, using either sp_changedbowner or ALTER AUTHORIZATION ON DATABASE::[dbname] TO [somavalidlogin] To find the databases that have this problem, run this query:
select name, suser_sname(owner_sid) from sys.databases The databses that have the problem will show NULL on the second column. A similar problem is described here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=65711&SiteID=1
To remove the entries, use sp_cycle_errorlog to force a new errorlog file, then delete the huge log file. ---------------------------------------
I executed ALTER AUTHORIZATION ON DATABASE::[BW_Content] TO [sa];
I got this error in SQL Error Log once and the growth of ERRORLOG was stopped. =============================================================== Date 7/10/2006 1:16:55 PM Log SQL Server (Current - 7/10/2006 1:17:00 PM) Source spid20s
Message
The query notification dialog on conversation handle '{6BDE95F7-0EFB-DA11-9064-000C2921B41B}.' closed due to the following error: '<?xml version="1.0"?><Error xmlns="http://schemas.microsoft.com/SQL/ServiceBroker/Error"><Code>-8490</Code><Description>Cannot find the remote service 'SqlQueryNotificationService-c15bb868-ed56-47d2-bf91-ce18b320989a' because it does not exist.</Description></Error>'. ===============================================================
I am using the Simple recovery model and I'm taking a weekly full backup each Monday morning with differentials taken every 4 hours during the day.
On Wednesday afternoon, a programmer ran a process that corrupted the db and I had to restore to the most recent differential. It was 5pm in the afternoon and a differential backup had just occured at 4pm. No problem, I figured.
I restored the full backup from Monday morning and tried to restore the most recent differential backup. The differential restore failed. Since I had used T-SQL for the initial attempt, I tried using Enterprise Manager to try again.
When viewing the backup history, I see my initial full backup taken on Monday plus all the differentials. BUT, on closer inspection, I noticed another full backup in the backup history that was taken early Tuesday morning. I can't figure out where this Tuesday morning full backup came from. It wasn't taken by me (or scheduled by me) and I'm the only one with access to the server. My full backups are usually named something like HCMPRP_20070718_FULL.bak. This erroneous full backup was named something like HCMPRP_03a_361adk2k_dd53.bak. It seemed like it was a system generated name. Not something I would choose. To top it off, I could not find this backup file anywhere on the server and when I tried to restore using this full backup, it failed.
Does anyone have any clues as to where this full backup might come from? Does SQL Server trigger a full backup on its own if some threshold is reached?
I ended up having to restore using the differential taken just before this erroneous full backup and lost a day of transactions.
Using SQL Server 2005, we have a 2.8Gb database under the Simple recovery model. The database contains ~50M rows and each night ~60k rows are loaded(appended) to the database by a SSIS task.
We configured a Maintenance Plan which is executed once a week to perform a full backup of the database. The resulting backup file is ~2.8Gb, as expected.
We also configured another Maintenance Plan which is executed every day, a few hours after the SSIS task is executed, to perform a differential backup. To our surprise, the resulting backup file is about the same size as the full backup, ~2.8Gb when it should only be a few MB (only 60k rows are added to the database)
When we launch the "Restore Database" wizzard we clearly see the different backup set, Full and Differential but they all have about the same size (same for the physical backup file on disk).
Is there anything we are missing, why are the differential backup that big?
I am using following sql to extract locking information in database. It only work on current selected database, how can I tune to work on all databases and not only currently selected?
SELECT DISTINCT ES.login_name AS LoginName, L.request_session_id AS BlockedBy_SPID, DATEDIFF(second,At.Transaction_begin_time, GETDATE()) AS Duration_Sec, DB_NAME(L.resource_database_id) AS DatabaseName,
missing witness server information and the fail-over is broken suddenly? 4:00am no maintenance job. I have one sql job on 10pm for backup on database transaction log only.
I can see the primary have problem then perform fail-over to mirror database, the auto fail-over was broken.
I re-build the sql mirror is OK , but i want to find the root cause.
Windows application event was full when there have many failed event, i have increase log size for application event. Â
Thru maintenance plan I backup my DBs every night and the T-Logs every hour. Now I have to set the option "select into/bulk copy" on one DB. I schedule the differential backup every 3 hour with option "overwrite existing media", wich is, in my case, one file on disk. My sequence of T-Logs is valid even if a non logged operations occurs? If I have to restore this DB can I use the last full backup + the differential backup + all the logs in between?
I trying to created a Differential backup and I get the following error. Can anyone help?
The volume on device 'd:MSSQL7BACKUPCPIDATABKUP.BAK' is not part of a multifamily (RAID) media set. Use WITH FORMAT to form a new RAID set. [SQLSTATE 42000] (Error 3259) Backup or restore operation terminating abnormally. [SQLSTATE 42000] (Error 3013). The step failed.
I'm trying to create a differential backup job that run hourly and that creates a different differential files. Ext. dbfilename1am, dbfilename2am, dbfilename3am ect... Can I do this with one job? Are do I have to create a differential backup job for each hour?
I've defined a maintenance plan in SQL2005, which creates a differential backup of a DB daily. Suppose I'm having differential backups from May, 10 to May, 14 but backup files of May 12 and May 13 are lost (deleted unexpectedly). Am I losing some data, if I restore from backup file of May 14?
I need to replication a server database out side a firewall. But can't change the server configuring for replication, so replication is out. So I wanted to know if I have a full backup of every db send to me every 24hrs. W/ differential every hr, will the restoring process work on the restoring server? Should I restored the full 1st? I'm not sure if the restoring of the Differential will work. Any help on the steps to take, to get this to work with backups & differential will be greatly appreciated.
I'm trying to run a differential backup on our new 7.0 box. It fails with an error message number 3242 "The file on Device 'E:MyFile' is not a valid Microsoft Tape Format backup set."
Why "Tape Format" if I said "Backup database [mydb] to disk"?..
When I run exactly the same query without "Differential" I got a full db backup.
When a new scheduled job is created for a Differential backup, the file specified in the Destination folder is automatically created by SQL Server. After the first time the job runs, is there a way to configure SQL Server to give each Differential file a unique name, including the timestamp (i.e. similar to Full Backup jobs)? I noticed my only options are 'Append to File" and "Overwrite Existing File." If I choose to enable "Backup Set Expiration," the backup job will not run, because it wants to append/overwrite the filename specified.
Hi, Im trying to restore the differential backup,I have to restore the full backup first and then restore the differential backup.Can any body tell me the code for this?
my program is like this --for fullbackup if type=D begin restore database databasename from disk=path end --for differential backup else if type=I ???
I have recently started receiving failures on a differential backup thatpreviously succeeded. Nothing has changed with the structure of the db.Here is the message, any ideas are welcomed. Thanks.Executed as user: fsafood-netisqlservice. The backup data in'E:SQL_BackupsBiz_SalesBiz_Sales_Diff.bak' is incorrectly formatted.Backups cannot be appended, but existing backup sets may still beusable. [SQLSTATE 42000] (Error 3266) BACKUP DATABASE is terminatingabnormally. [SQLSTATE 42000] (Error 3013) Associated statement is notprepared [SQLSTATE HY007] (Error 0) The media family on device'E:SQL_BackupsBiz_SalesBiz_Sales_Diff.bak' is incorrectly formed. SQLServer cannot process this media family. [SQLSTATE 42000] (Error 3241)VERIFY DATABASE is terminating abnormally. [SQLSTATE 42000] (Error3013). The step failed.*** Sent via Devdex http://www.devdex.com ***Don't just participate in USENET...get rewarded for it!
I create a full backup followed by daily differential backup, when I restore database from the fifth or later differential item, I get the following Error Message:
System.Data.SqlClient.SqlError: This differential backup cannot be restored because the database has not been restored to the earlier state. (Microsoft.SqlServer.Smo)
It seems that there is an error when the fifth differential backup occurred, It's a disaster, how can I do, help!
Where can I find more about Multibase Differential Backups? I searched through BOL and MSDN (http://msdn2.microsoft.com/en-us/library/ms178046.aspx) but there is too few information (missing sample, backup syntax for selecting differential base).
Is it possible to have two (or more) bases for differential backup for one database? How to preform such backups?
I recently started using Differential backups. They are working but are growing in size a lot quicker than I expected.
The backups are growing by 2.5GB every day although the total size of all transaction backups is under 350MB. I would have imagined that the total transaction log backups would be a good indicator of total database changes and therefore the differential backups would approach this figure.
I am doing a differential backup every night with t-log backups every 15 mins. The differential backup occurs at 3:00a and is about 300 MB. The very next t-log backup at 3:15a is also about 300 MB instead of the usual 1 - 2 MB. Why is this and how can I avoid it? Is this just how SQL Server works? Do I have to do a full backup every night instead? Thanks in advance for your help.
When we do a full backup the .bak file is 700MB but in the meanwhile our differential backup has grown to a size of 20GB. The backup set expires in 1 day and if the backup file already exists we "append" to it.
What we basically want is a differential backup for one day only. I realize that in SQL Server 2005 you could add a "Clean up" task but that is to delete files but because we only have 1 .bak file for the differential backup this is not an option.
If we set to overwrite the backup file if it already exists what does this mean? Assume that we run a differential backup every hour, does this mean that the differential backup file will be overwritten every hour?
How can we make sure that we have a differential backup every hour and keep only the differential backups for the last 24 hours?