SQL Security :: How To Determine What Certificate Is Used To Encrypt A Database In 2014
May 28, 2015
I use a number of certificates on my database server. I'm trying to verify the correct certificate is being used on the correct database.
Feb 7, 2007
I have been trying to create a certificate for use with SQL2005. I found openSSL to create a cert but I am not sure how to use it.
When I go into SQL Config Manager / Protocol Properties / Certificate Tab... I do not see any certificates. The list is empty. Where are these certs pulled from and how can I create one on my own?
Here are the Reqs:
Certificate Requirements
For SQL Server 2005 to load a SSL certificate, the certificate must meet the following conditions:
The certificate must be in either the local computer certificate store or the current user certificate store.
The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.
The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).
The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).
The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.
May 14, 2015
Is it possible to determine the data flow within a database? e.g. I start by adding/inserting a record in MainTable1, then through a trigger SubTable1, SubTable2 have records inserted into, SubTable3 has a record updated into, then a StoredProcedure1 is run which updates first SubTable4, then a StoredProcedure2 is run which adds a record in SubTable5. So by simply adding a record in MainTable1, I affect 5 other tables.
Imagine a more complex process than this one now (which I'm currently facing and I want to win time and precision; I will still investigate it myself (if I will find an answer first - I will post it here)) Is there a way I could "extract" this flow by using T-SQL?
Apr 30, 2007
Is there any way to determine what objects (stored procedures in my case) have been signed by a certificate? I could not find any system views/tables/functions that seem to give any information about certificates whatsoever. Am I missing something or is that part of the security to prevent gaining details about certificate usage?
Aug 28, 2007
I've been researching SSB and have read quite a number of posts on this forum that closely relate to what I'm trying to achieve. I have a solution I'm designing that ideally consists of a central server (SQLENTERPRISE) that will receive messages asynchronously from remote clients (SQLEXPRESS) spanning a wide geographical region over a GPRS virtual private network on a TCP/IP transport. This ideally is a star and spoke architecture and requirements dictate high level security, no loss of messages whatsoever as well as high reliability and scalability.
To meet the security requirement in the context of the above scenario, I was thinking implementing both dialog and endpoint security using certificates would be ideal. I've downloaded some samples and have encountered problems simulating the above scenario on 3 machines (I Server & 2 Clients). Client1 sends messages successfully, the 2nd client doesn't, possibly because the certificate on the server matches that of client1 since I ran that script first. How do I make it so that the Server shares one certificate with all remote clients? Or is there a better way to configure SSB to work in this scenario?
Secondly, I have hard coded the Server's IP Address in the Routes created on the Clients. Considering this is over a GPRS Virtual network, how can I make the clients dynamically "discover" the Server? The idea here is to make adding and setting up of new remote clients easy so that you can just plug them in to the existing network.
Any help or pointers would be greatly appreciated.
PapaLee
Jul 7, 2015
I have inherited a job that is calling a maintenance plan. The maintenance plan makes a back-up of various databases. I have to add a step to encrypt the backup. I have the exe already. It's called "EncryptBackup.exe". My difficulty is I do not know how to add the step to the job exactly. The command syntax eludes me a bit. The syntax for the encrypter exe is:
C:\exes\EncryptBackup.exe C:\DBBackup\FolderA Encypt filename.bak
The output is "filename_encrypt.bak". It should be noted that there exist several sub-folders off C:\DBBackup, like FolderA, FolderB, etc.; each one holds a database.
Oct 26, 2015
I must prepare a procedure which should export some data from some DB columns, but these data must be encrypted using the OpenSSL protocol, to be sent to an external recipient. This recipient sent to me a "public" certificate in PEM format, to what I understood (it is a file beginning with the expression "-----BEGIN CERTIFICATE-----", then a long Base64 sequence and then "-----END CERTIFICATE-----").
So I didn't create the certificate, nor am I a certification authority: I just have this public key (or, at least, a file from which I can extract a public key) and I must use it to encrypt data in order to obtain an output which must be analogous to what I can obtain when using this OpenSSL command line instruction:
openssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SaniteICF.cer -certin -pkcs
Then the question is: starting from this PEM file and nothing else, can I import it and store an asymmetric key or a certificate in SQL Server and use it to encrypt data to be exported?
Oct 1, 2014
I want to use a certificate with 10-years expiration date. I created a new template certificate, based on default computer certificate, and I only change expiration date to 10 years.
In SQL Server SSL configuration, I don't view this certificate. I only view the certificate created with the "Computer" template (with validity period of 365 days). All other certificates based on the template are invisible to SQL Server.
How can I use a custom template instead of the default "computer" template ?
Mar 30, 2007
Hi,
I need to know what algorithm to encrypt the password into Security Directory, if anybody knows the name.
Thanks
Jul 6, 2014
I am trying to learn how to store a web form password and then check it when the user logs in. So far none of the code I can find works.
Why does the following test not work and what should the correct code be?
Insert Into [user]
values ('name', 'email', HashBytes('SHA1', 'bob'))
GO
Why does the following produce no rows?
SELECT *
From [user]
Where HashBytes('SHA1', password) = HashBytes('SHA1', 'bob')
May 22, 2007
Hi all,
I'm trying to send messages between different server instances using Service Broker.
For security purposes I am trying to create a certificate. For that I have used makecert.exe and got a certificate and a private key, but when I am creating the certificate using that file it is showing an error.
the code is --
CREATE CERTIFICATE ctfSourceServerMaster
FROM FILE = 'C:\SourceServer.cer'
WITH PRIVATE KEY ( FILE = 'C:\SourceServer.pvk', DECRYPTION BY PASSWORD = 'PrivateKeyPassword' )
ACTIVE FOR BEGIN_DIALOG = ON
GO
I have created the files 'SourceServer.cer' and 'SourceServer.pvk' by using the makecert.exe tool.
The idea behind creating the certificate ctfSourceServerMaster is to give transport security.
I am running the particular script in the master database,
but I am still getting an error.
ERROR:----
The certificate, asymmetric key, or private key file does not exist or has invalid format.
If any body has any idea please help!!!!!!!!!!!
Thanks a lot in advance
Nov 19, 2015
We are unable to log in to the database due to “The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x80090331. Check certificates to make sure they are valid. Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.” We have tried to run that selfssl.exe from command prompt followed by below command and am getting the cryptographic error.
Aug 7, 2007
We are using Windows authentication within our system, and I was wondering how it would be possible to determine if the user connected to the SQL SERVER instance was a member of a particular active directory security group?
Thanks.
Nov 25, 2014
I want to write a small script to determine which is the currently active (primary) server in the AG.
Right now, I see that using SELECT * FROM SYS.dm_hadr_availability_replica_states I can determine the role. However, when the server goes down and switches to the secondary node, I don't believe that the role changes (or does it?). How do I determine which is the active node?
Mar 6, 2008
I can use "CREATE CERTIFICATE" to add a CER certificate into a SQL database. How can I do so with a PFX certificate? From the document, it can be done so with a CER file and a PVK file, but only a PFX file.
Jun 23, 2007
Hi,
I have a .net application and I added code that encrypts data saved in the database. However, there is already data in the fields that was entered before this change. I now need to check if the values in those fields are encrypted and if not I need to encrypt them. How can I perform such a check and update the relevant data? I use TripleDES in .net to encrypt/decrypt the data.
Thanks
Dec 26, 2005
I have 2 questions:
1. How to encrypt data of a database in SQL Server 2000? Someone can't see the true data if without a password or something else.
2. If I have 2 databases, all of them have the same tables, structure, ... How to update or insert or change in the second database automatically when I update or insert or change in the first database?
Thank you very much.
Oct 11, 2006
Hello.
I've built a simple Visual Basic .NET project containing the following code...
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Data.SqlTypes
Imports Microsoft.SqlServer.Server

Partial Public Class StoredProcedures
    <Microsoft.SqlServer.Server.SqlProcedure()> _
    Public Shared Sub WhoAmI()
        Using connection As New SqlConnection("context connection=true")
            connection.Open()
            Dim command As New SqlCommand("SELECT SUSER_SNAME()", connection)
            SqlContext.Pipe.ExecuteAndSend(command)
        End Using
    End Sub
End Class
From Visual Studio, I want to encrypt the contents of this assembly, as a proof-of-concept.
Even though assembly contents are stored as varbinary(MAX) in the database, converting to varchar(MAX) will expose the code.
However, the Dotfuscator Community Edition reports the following error: "Dotfuscator Community Edition cannot operate on SQL Server applications.... please try Standard or Professional Edition."
Has anyone tried encrypting a database assembly and deploying to the database?
A good test would be to issue the following TSQL script against the database holding the assembly...
-- Does the sample code above run?
EXEC dbo.WhoAmI
GO
-- Is the code readable?
SELECT * , Convert(varchar(MAX), content) FROM sys.assembly_files
Jun 24, 2015
After installing SQL Server 2014 SP1 CU1 (build version 12.0.4416.1) the SQL Server service no longer fails to start when TLS 1.0 is disabled, but no matter what I have tried I can't successfully connect to the database. When trying to connect using shared memory I get this message:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)
And if I try TCP/IP or Named Pipes I get this:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1)
TLS 1.1 and TLS 1.2 are enabled on the computer and working fine for IIS. What can I do to get SQL Server to work successfully with TLS 1.2, or is it still just not supported yet?
Jun 22, 2015
Why is 'nt authority\system' not a sysadmin on some SQL Server 2014 ENT boxes, while it is on others?
Jun 29, 2007
Hi, We are trying to implement Service Broker between SQL Server Express and SQL Server on the Same machine and we are having problems with certificates. We are creating a certificate on SQL Server, backing up the certificate on a file system and then loading certificate on the SQL Server Express from the file and we are keep getting the following error: Msg 15208, Level 16, State 1, Line 1 The certificate, asymmetric key, or private key file does not exist or has invalid format.
Following script runs fine on SQL Server.
Code Snippet
use master
Create Master Key Encryption BY Password = '45Gme*3^&fwu';
BACKUP MASTER KEY TO FILE = 'C:\ServiceBroker\PrivateKeyMasterB.pvk'
ENCRYPTION BY PASSWORD = '45Gme*3^&fwu'
Create Certificate EndPointCertificateC
WITH Subject = 'C.Server.Local',
START_DATE = '06/01/2006',
EXPIRY_DATE = '01/01/2008'
ACTIVE FOR BEGIN_DIALOG = ON;
BACKUP CERTIFICATE EndPointCertificateC
TO FILE = 'C:\ServiceBroker\EndPointCertificateC.cer'
Following script runs on SQL Server Express:
Code Snippet
Create Certificate EndPointCertificateC
From FILE = 'C:\ServiceBroker\EndPointCertificateC.cer'
WITH PRIVATE KEY (
FILE = 'C:\ServiceBroker\PrivateKeyMasterB.pvk',
DECRYPTION BY PASSWORD = '45Gme*3^&fwu'
);
If we run the script other way around, it works fine. If we use the SQL Server on some other machine, the script works fine. But only on the same machine, it throws this error. We made sure the permissions and everything. Let us know if there is any work around or what are we doing wrong.
Any help is appreciated. Thank you,
Jun 11, 2007
anyone has the experience to solve this?
Sep 26, 2007
How can I encrypt or mask a column in the database?
Any help will be appreciated
Regards
Karen
Jul 16, 2015
I have a SQL Server 2014 instance running on a SQL Server 2008 R2 server. The server is not clustered, it is just a stand alone SQL Server. The syspolicy_purge_history job fails every now and then with the error message: "A job step received an error at line 1 in a PowerShell script. The corresponding line is 'import-module SQLPS -DisableNameChecking'. Correct the script and reschedule the job. The error information returned by PowerShell is: 'Access to the path 'PowerShell_CommandAnalysis_Lock' is denied. '. Process Exit Code -1. The step failed."
Google isn't bringing up much besides the whole "If this is a clustered server make sure you have the right server name in the command" answer, which isn't the case here. Some days this job fails and some days it succeeds. I have checked out task scheduler to see if there were any conflicts there, found nothing. Nothing in the event viewer either.
Dec 22, 2006
Hi, all.
here is the situation.
We designated one server as a mirrored server. This server will host all mirrored databases from different principals in different servers using certificates.
1) Server A (Principal) Server B (Mirrored)
2) Server C (Principal) Server B (Mirrored)
I was able to set up mirroring between A and B. But unable to set up mirroring between C and B.
My question is "Can I grant connect on endpoint to two different host logins?"
For example, on the server B
I created two different logins for Server A and C in order to assign different certificates to the two principal servers.
For Server A.
create login server_A_login with password = 'djkkajnxks';
go
create user server_A_user for login server_A_login
go
create certificate server_A_cert
authorization Server_A_user
from file = 'c:\certificate\server_a_cert.cer'
go
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [server_a_login];
GO
For Server C.
create login server_C_login with password = 'djkkajnxks';
go
create user server_C_user for login server_c_login
go
create certificate server_c_cert
authorization Server_c_user
from file = 'c:\certificate\server_c_cert.cer'
go
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [server_c_login];
GO
when I set up like this and try to start mirroring, I am getting error from server c saying, "the network tcp:serverb.corp.com can not be reached or does not exist"
But mirroring between server a and b is OK. I set up them first, then between c and b.
any ideas?
thanks,
Dec 3, 2007
Hi! I have an existing database in SQL Server 2005 and I would like to apply encryption on my database. Does anyone have an idea on this?
May 21, 2014
How does security work between availability groups?
E.g. if I create an object and grant permissions to a user, will that be replicated to the secondary replica?
Jan 21, 2015
SSISDB 2014 - Enabling CLR - Is there any kind of security risk for enabling CLR when creating SSISDB?
Feb 13, 2008
What is the most reliable way to determine the last LSN of a database? I've looked in sys.database_files to no avail. I've also looked in msdb.dbo.backupset which is accurate but only based on backups already performed not the current state of the database.
-joe
Jan 7, 2007
Hi there,
1. I have a database and I want to encrypt my passwords before storing my records in the database. Later on I will also need to authenticate my user, so again I have to encrypt the string provided by him to compare it with my encrypted password in the database. Below is my code; I don't know how to do it, please help.
2. One more thing: I am storing the IP addresses of my users as a "varchar". Is there a better method to do it? If yes, please help me.
try
{
    SqlConnection myConnection = new SqlConnection();
    myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["projectConnectionString"].ConnectionString;
    SqlDataAdapter myAdapter = new SqlDataAdapter("SELECT * From User_Info", myConnection);
    SqlCommandBuilder builder = new SqlCommandBuilder(myAdapter);
    DataSet myDataset = new DataSet();
    myAdapter.Fill(myDataset, "User_Info");
    //Adding New Row in User_Info Table
    DataRow myRow = myDataset.Tables["User_Info"].NewRow();
    myRow["user_name"] = this.user_name.Text;
    myRow["password"] = this.password.Text; // should be encrypted; not known till now how to do it
    myRow["name"] = this.name.Text;
    myRow["ip_address"] = this.ip_address.Text;
    myDataset.Tables["User_Info"].Rows.Add(myRow);
    myAdapter.Update(myDataset, "User_Info");
    myConnection.Close();
    myConnection.Dispose();
}
catch (Exception ex)
{
    this.error.Text = "Error ocurred in Creating User : " + ex.Message;
}
Feb 21, 2001
Problem: I can add 4 items to a SQL 7.0 database but I need to redirect the user if all 4 items exist in the same Record elsewhere in the Database.
Clearly I need some kind of statement like "if category1 = var1 AND category2 = var 2 AND..." but don't know where to put it.
Code:
strSQL = "SELECT * FROM tblUserQuarter"
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open strSQL, objConn,adOpenStatic , adLockOptimistic
'Insert choices from report.asp into tblUserQuarter
objRS.AddNew
objRS("cboFY") = Request.Form("cboFY")
objRS("Quarter") = Request.Form("Quarter")
objRS("ID") = Request.Form("ID")
objRS("Report") = Request.Form("Report")
objRS.Update
objRS.Close
Set objRS = Nothing
objConn.Close
set objConn = Nothing
Feb 25, 2015
I ran a query to see how big my database on my SQL Server is and do not understand the metrics. I want to see how much of my 10GB database is left.
database_name  database_size  unallocated space
ANTHEMQ        6521.06 MB     243.55 MB

reserved    data        index_size  unused
1332304 KB  1328168 KB  1800 KB     2336 KB
Mar 8, 2007
Simple question...
When I use the full version of SQL Management Studio, I can run a report to view the size. How can I do this with SQL Mgmnt Express?