SQL 2012 :: Secure Login To Database For Web Users?
Feb 21, 2014
We build up a new website in .net mvc 4.0 on a w2012 server with MSSQL 2012 database. We use windows authentication and normal anonymous access through NT AUTHORITY\IUSR who is also a login in the database. But we make extra login possibility for users who are registered and they can insert and modify data in some tables in the database. And I am afraid of giving NT AUTHORITY\IUSR insert and update for some column in tables. I am thinking of setting up a new login for the database. Run a new connection string on login and set up special permission for that extra user on the database, and let the user become a member of the ordinary user on the database.
View 0 Replies
Mar 10, 2014
I am migrating a database TESTDB from SQL 2008R2 to a new server running SQL Server 2012.
Management has decided the current sql users should have "better" user names. So the login and username "BadUsername" on the old server should be called "GoodUserName". Goodusername should have the same permissions as Badusername.
I have now restored a backup from the old server to the new server.
I used the following script for creating the login:
CREATE LOGIN [GoodUserName] WITH PASSWORD=N'difficultpassword', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
Then I run the following script:
ALTER USER Badusername WITH LOGIN = GoodUserName, NAME = GoodUserName
But the results are not what I wanted. I now have two database users: Badusername and GoodUserName. I would have preferred if BadUserName was "replaced" by GoodUserName, but it won't be a problem if I have to delete badusername manually. Worse is that GoodUserName has NOT "inherited" any permissions from Badusername.
Is there an easy way to transfer permissions or do I need to loop through the permissions of badusername and apply those to badusername?
View 4 Replies
Apr 21, 2015
Is there any way in which I could distinguish a group of Database users from the other users. Say for e.g. store the Database users hierarchically, etc. Adding a Prefix/Suffix to the user name as a distinguish-er will not work in my case. I want to restrict the deletion of these Database users. Even the login with sysadmin or serveradmin rights should not be able to DROP those Database users.
View 11 Replies
Jan 20, 2006
Hi all.
I am developing a distributed VB.NET 1.1 application with a TripleDES capable socket layer for communication with my server app.
I need to secure the distributed app from the users within the organization I am developing it for (a franchise).
I do not wish to store any encryption keys in the source code as these would be obvious to any seasoned hacker through decompilation of my binaries (even with obfuscation). I have decided to use the windows DPAPI (under machine storage mode) to secure manually entered (at installation) encryption layer keys in the registry. The salt values for this DPAPI mode also need to be secured, as a disgruntled franchise owner may be the hacker (and hence would have admin privilege on the machine the software is installed on). Not as far-fetched as you think!
This is the beginning of a vicious cycle. How do I secure and where do I store this salt value safely? With it a hacker with admin privilege can easily decrypt my keys if they know I am using machine mode DPAPI. Can I use ACLs to protect the keys with an account I set up manually on the machine? If so then I would need to be able to switch account identities in my code (which I haven't researched as yet) and then would need to store the password to that somewhere.
If anyone could offer any insight or direction it would be much appreciated.
View 11 Replies
Apr 3, 2008
I am in a situation where I would like to use a SQL login instead of adding individuals windows login to the server. Is there a way to force a login instead of having the report server not give rights at all??
I hope that makes sense...
Thanks
View 3 Replies
Jun 9, 2015
We have an application which lets users connect to production database with windows credentials. They are able to access the sql tables too with windows login. I want to restrict them from accessing the sql tables. How do I do that? I tried a db_deny but that prevented them from accessing the application too.
View 10 Replies
Feb 2, 2007
Hi. I have a DetailsView with Bound Fields "Login" and "Password". This information is stored in SQL database. How to solve such authorization? How to compare password stored in database against password typed by user? Is this a good idea to use CustomValidator control to write some checking procedure? Regards. Pawel.
View 1 Replies
Dec 12, 2007
Hello Everyone
How do you generate a script for all the current sql server logins and generate a script for database users for each database? You can script operators, tables, databases, and a lot of other objects by using the “All Tasks” shortcut menu option, but I haven’t figured out how to script logins and database users. Any help would be greatly appreciated.
I’m using sql server 2000 and Enterprise Manager.
Thanks
GEM
View 2 Replies
Feb 20, 2008
Can you suggest to me what command I should use to set the sa login for locking even after trying several times in SQL Server 2005?
View 9 Replies
May 23, 2008
Our SQL Server 2005 db has an NT Authority\Network Service login with public access. It is used from web services hosted by IIS 6.0 located on another server on the same network. So does this mean that any Windows Server 2003 box on our network has public access to the database? What about servers off of our network? Is there a way to limit this account to just a single server on our network?
Thank you.
Mark
View 5 Replies
Oct 11, 2006
I need to upgrade a solution from SQL Express Advanced to Workgroup Edition because of the 4GB size limit. I'm planning on deploying the solution in a secure web environment where only authenticated users will be able to access the database. The actual usernames and passwords would be stored in an Express database. Therefore since only named users would be accessing the database server web app, can I use the CAL license model??
View 1 Replies
Jun 5, 2015
I have a server that has 20 databases. I have tested with few users with different level of access and all of them were able to connect to the server and also see, select, update, delete from a particular database which is kind of weird because they do not have a user login associated or mapped to that database. I checked and no user is part of any group in AD that would give them permission to connect. I need a query that would find the permission path of a user. I already queried with xp_logininfo but I am not getting anything.
View 9 Replies
May 15, 2014
Where is the hash password for the contained database users located? I have a script that prints all creating statements so that a Dev environment's security can be reapplied after a prod data refresh but I can't find the table containing the hash password when the user is "with login" for contained database.
View 4 Replies
Jun 3, 2014
I have been using the software, and it has been working fine (on windows user A). Now, I have created another windows user (User B), and would like to use the same software/database. The software launches fine (User B), but cannot access the created SQL database (created with user A)
How do I setup the database to allow access from all users on the same PC?
View 2 Replies
Nov 26, 2014
I am trying to clean up security. When I check tables in a specific database I see a list of users with select access. There are 1000+ tables in the database. I know I can do 'revoke select on table_name to user_name' ....
View 3 Replies
Apr 29, 2015
What I want to do is :
- restore a backup of a 3rd party database onto one of our servers
- this has no users that I can use
- there is some ETL processing so we're using Control-M to manage the process
- create a database user and grant it db_reader.
I'd like to do this without granting any users elevated privileges if possible.
What I've done so far is grant the Control-M user (this is a domain user) dbcreator rights and made it owner of our copy of the database that is being refreshed.
The refresh is completing, but Control-M is not able to log onto the database to create the user.
What is the best way to accomplish this task without granting the control-m user sysadmin rights?
Would I be able to do it if I used a SQL Agent job for the restore and user creation?
View 1 Replies
Jan 24, 2015
I have created a new login in principal server and provided dbowner permission to principal db.
How do I transfer this login to mirror server and assign the same permission to mirror db?
View 5 Replies
Mar 6, 2008
I have had this issue just pop up. I have local users who can connect fine, but my users that require connection by VPN cannot connect. I get the server not available or access denied error. I did confirm that the VPN'ers are connected to the network correctly and can see that their shares and mappings are correct. Any ideas? Thanking you all in advance!!
View 6 Replies
Oct 27, 2004
Hi,
I'm getting this error when attempting to retrieve data from an sql database.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Cannot open database requested in login 'projectAllocations'. Login fails. Login failed for user 'sa'.
Source Error:
Line 13: objConn = New SqlConnection( "Server=LAB303-066NETSDK; Database=projectAllocations; User ID=sa;Password=mypassword")
Line 14: objCmd = New SqlCommand("SELECT * FROM project_descriptions", objConn)
Line 15: objConn.Open()
Line 16: objRdr = objCmd.ExecuteReader()
Line 17: While objRdr.Read()
Source File: C:finalyearproject2sample.aspx Line: 15
Please Help!! I'm a beginner to this, so if anyone knows the answer, take baby steps when explaining. Thanks
View 3 Replies
Jul 27, 2005
Been looking through the forums for a solution to this problem. I already tried granting access through statements such as: exec sp_grantloginaccess N1'machineName\ASPNET' But they don't seem to work.. I vaguely remember seeing somewhere a DOS command line statement that grants access to the ASPNET_WP and that fixed my problem before on another computer.. but this is a new computer and I forgot to write down the command. Can anyone help explain and propose a solution to my problem? Many thanks.
View 9 Replies
Dec 19, 2003
I am using the MSDE to connect to my ASP.NET application. I get this error after clicking the login button of my login page. Anyone know why this would happen?
Thanks for any help,
Cannot open database requested in login 'DataSQL'. Login fails. Login failed for user 'serverASPNET'.
View 5 Replies
Jul 10, 2007
Hello...
I develop a .NET Application which uses a SQL Express Database. The application will be distributed to several customers. That means the customer must have (or install) SQL Server Express Edition.
But we don't want the users to manually access the database.
As far as I understand that is not possible because the user (customer) will be the administrator for the SQL Server Express because it runs on his own PC (no password security).
Am I right? Thank you..
View 1 Replies
Jun 16, 2007
Hello all,
I've recently started using sql express 2005. I've used the features very conveniently.
But one thing I couldn't understand is how I can secure my database from unwanted access.
I've installed Sql Express 2005 with mixed mode authentication (Sql authentication) and attached my Database. But it also connects with Windows authentication, and all my data tables are openly visible!!
How can I secure my database now?
My intention is to restrict access to my databases only to certain users (may be SQL Logins).
Please guide me how to accomplish this...
Thanks
View 11 Replies
May 17, 2015
I have a query: I want to find the SQL Server 2012 user/login last login date, that is, when the user last logged on to the server.
View 6 Replies
Jan 10, 2007
Hello,
Is it possible to create a database file with only one user (no local account used by Windows authentication)?
I also want to copy a database mdf file with secret data along with my application. I don't want a user logged in to sql server as the 'dbo' user (Windows authentication) to be able to view or edit it.
Is it possible?
Ondra.
View 2 Replies
Nov 1, 2006
Hello Experts!!
Let me start off by saying I'm not a SQL expert and have very limited knowledge on the topic. Here is my question: Our organization has an archiving solution that stores data in a SQL database. This application creates two SQL accounts. One that is used to archive to the database. The second to browse the database from a search interface provided by the application. With all the federal compliance issues I see that they require the data to be stored in "a non-rewriteable and non-erasable format". My question is: how can I prevent the database from being erased in the SQL database? As 'Administrator' I can open Enterprise Manager and open a table in the database and simply delete any record that I wish. I understand that I might have this ability because I'm logged on as Administrator. How do I prevent access to this database and prevent access to modify the records? I believe the only two accounts that should have access to the database are the Archive and Browse accounts required by the application.
View 4 Replies
Jul 24, 2002
SQL Server 7 or 2000.
I restore a database on a different server from a device file. This database has a user defined for it. In this case, 'privuser' is the name. No login has been defined.
I can add the privuser login but cannot grant db access because privuser already exists in the db. I cannot drop 'privuser' because the user owns all the user objects in the db.
How can I make the privuser login I create access the db using the privuser username in the db? Would having the login created before restoring the db as a new db work?
View 4 Replies
May 27, 2008
Can there be multiple users on one single sql login?
I keep getting errors from my users randomly about the server timing out and I am wondering if they are trying to submit append queries at the same time.
View 5 Replies
Apr 9, 2008
I am new to this, so I will be grateful to anyone who can clarify the following:
qn 1:
In login properties under Logins of Security, what does creating mapping to the different databases mean ?
For a given login, I notice that I can login / execute DDL statements alike for the databases which are checked and also for the ones that are not checked.
Then, what does
Security -> Logins - > Login Properties -> User mapping -> Users mapped to this login -> checking the database - accomplish?
qn 2:
For a particular login, say 'Bob' which has server admin rights, I wish to include two more databases. For this I 'checked' the databases, which I wish to include, in the
Security -> Logins - > Login Properties -> User mapping -> Users mapped to this login
When I clicked 'OK', I get the following error and the two databases are left unchecked.
User, group, or role 'SQL1AGENT' already exists in the current database. (.Net SqlClient Data Provider)
How can I include the databases ?
View 5 Replies
Nov 28, 2006
Hi Team,
In SQL Enterprise Manager, when we expand "Database -->Users", we see the
users there. When we expand "Security --> logins" we see the same users there.
Can you differentiate these two?
Thanks
Santhosh
View 1 Replies
Oct 29, 2007
Hi,
My problem is, I am going to ship MSDE with our product. Now the problem is that if someone copies the .MDF and .LDF files and uses "sp_attach_db" to attach the db files to his own server then my database will be exposed to him. I have tried this and it gets exposed. I can't deploy NT Authentication for the database, because if the end user installs Enterprise manager then my database will be exposed to him. Is there any way that I can secure the LDF and MDF files of my database so that no one can use that with sp_attach_db? I'm using MSDE (Sql server 2000).
View 10 Replies
Jul 22, 2002
I made a backup of a production database and copied that backup over to a development server and restored the database. Now I have users saying that the application is failing on development. I have users that have NT authentication and some with SQL authentication.
What is the best way to get everything to sync up again?????
View 1 Replies
Apr 11, 2007
Hi,
I have a few db's that I am backing up from an old sql2000 system and moving them to the new sql2005 server. The first db's restored without any problems but now I am getting some problems with users and logins.
I am restoring in the following order
1.) Creating empty db "123"
2.) Restoring database from file to database "123"
3.) Creating Login to this database (error happens when linking it to the database, "user exists")
When connecting thru QA I get "Cannot open user default database login failed"
I only have 1 login per database and I don't mind manually deleting and recreating them all but it doesn't seem to be working :S
Any suggestions much appreciated!! :)
Thanks!
mike123
View 4 Replies