SQL Server 2005 And Security Over The Internet
Feb 2, 2008
Couple of questions for the SQL Server Guru's out there.
SQLServer 2005
Web Hosting Provider
Ok I am developing a Web application in ASP.NET with AJAX, etc. etc. It will be some time before it is ready to roll out. As a mockup I created the same application in Microsoft Access and Visual Basic (VS 2008), which I can link the tables to the hosting provider on the internet. Works very well and speed is very acceptable. The want to start utilizing it with the mockup distributed app that I created.
My question is, is how secure is the data that is moving from the local application to SQLServer 2005 with the web hosting provider ? Is there anything that I can do to increase security ?
Thanks, any thoughts ?
Appreciate any suggestions or comments.
View 1 Replies
ADVERTISEMENT
Jul 20, 2005
Hi,Just installed Norton Internet Security on an XP workstation that also hasSQL Server on it.I now find that I cannot access SQL Server and multiple messages are beingissued by NIS.When I switch off the Firewall & Intrusion Detection I can access SQLServer.Does anyone know how to configure NIS so that I can use it alongside SQLServer?Thanks,Mike.
View 1 Replies
View Related
Dec 19, 2007
does anybody know why MS doesnt consider Basic Authentication a viable solution for Inter/Xtra net access to RS? I'm re reading the documentation at http://msdn2.microsoft.com/en-us/library/bb283249.aspx but so far am not getting what the Security Extension options accomplish that can't be accomplished with much less effort using some form of Basic Authentication.
View 25 Replies
View Related
Feb 18, 2007
How can I access my Microsoft SQL Server 2005 through internet?
For example, I set up a Microsoft SQL Server in one of computers of my company, and every computer in my company has its own IP .They are in the same workgroup. Now, there is no problem with database access with another computer in my company.
Can anyone tell my how to access it through a computer out of my company?
Thanks
View 1 Replies
View Related
Jul 12, 2006
Hey all!I am hoping that somebody will be able to help me getting my database working over the Internet.I am using VS 2005 and SQL Server 2005 Express Edition and have my database set up within a web site project in VS under the App_Data folder.Everything runs smoothly when running the application on localhost I am just facing a problem when I attempt the same thing after uploading my pages to my web server.I am receiving the following error:An error has occurred while establishing a connection to
the server. When connecting to SQL Server 2005, this failure may be
caused by the fact that under the default settings SQL Server does not
allow remote connections. (provider: SQL Network Interfaces, error: 26
- Error Locating Server/Instance Specified)I have tried enabling the disabled SQLEXPRESS protocols and disabled my firewall with no luck.I have also looked into using localhostsqlexpress as the server name but I dont see how this method would work as it appears to only run a database on the local machine which is the problem I have currently.Could anybody help me with this problem? I have only just started trying to use SQL Server Express as a means of database connectivity and I am not exactly sure how it all works.Thanks
View 1 Replies
View Related
May 24, 2007
Is it possible to connect to a sql server express over internet or not ?
- I am using a win2003 sp1 server. Freshly installed.
- The server is directly connected to internet.
- For the purpose of the test, I stopped the windows firewall and the IPSec service.
- I stopped SQL server Browser service.
- I find a free port (here : 1401)
- I activated TCP/IP protocol in SQL Server Configuration Manager, and I have selected 1401 as the TCP port in the IPAll sextion of TCP/IP protection (and I remove the '0' of the dynamic TCP Port).
- Restarted SQL server express...
In the sql server log, I get the message "Serveur Server is listening on [ 'any' <ipv4> 1401]"
But I never get an answer from the server.
sqlcmd -S ip_of_the_server, 1401 -U username -P password is working fine if launched on the server. But I always get a timeout error from any PC. Same with a telnet on port 1401.
Any idea ?
-
View 8 Replies
View Related
Jul 12, 2007
Hi!I am trying to connect to my SqlServer 2005 thru internet, but it is notworking. I have a dyndns updater on my server which tells me an ip addressof the router. The router is configured to forward TCP port 1433 to LAN IPaddress of the computer on which is SQL Server installation.What is the connection string to connect to my server.I tried xxx.dyndns.org:1433, but it doesn't work. There is a defaultinstance installed on that machine.Please help.Zvonko
View 6 Replies
View Related
Sep 19, 2007
hi,
i am new to sql server reporting 2005. i can able to create reports and i can able to access in web pages. But my problem is, my reports and database are in one server, and my web server is differnet. we cant view the reports from internet. How can we slove this. any one can help?
Thanks in advance.
sns
View 2 Replies
View Related
Feb 27, 2007
I have a question and bear with me because I am pretty new to this topic.
I have a SQL SERVER 2005 with a Client Server Application. Now I want to add a Webinterface. Sinice there is no infrastructure for hosting our own server. I want to go to an external hoster/provider.
Now my question is it possiple to replicate a snap-shot of the database to an web hoster?
If yes, what does my hosting package requieres beside SQL SERVER and ASP.NET. Any Services and open ports? What about Security?
When I replicate via push Service from my local SQL SERVER do I have to have a tunnel to the provider? Or external network access to my network via VPN. Or is there a way of doing it via HTTP? HTTPS? (I think I saw some settings about FTP replication...). Because of the Infrastructure Problems mentioned above...
It would be great if someone could give me closer information about this topic...
Links, Ressources, Tipps, Tricks, Tools... just anything... would be appriciated very much...
Thx.
View 3 Replies
View Related
Sep 27, 2007
PROBLEM:
SQL 2005 rejects connection from an ASP.net test webpage (shown below).
CONFIGURATION:
Internet > Concast Cable > Router > Sever01 Nic1 > Server01 SBS 2003 & SQL 2005 > Sever01 Nic2 > Switch > Local Area
Linksys Router WRV54G( Firmware Version: 2.39.2): Port Range Forwarding TCP 1433 and UDP 1434
Small Business Server 2003 Premium (Server Name: Server01)
Two network cards: Internet Ionnection and Local Area Network
Ran: Configure E-mail And Internet Connection Wizzard
Ran: Remote Access Wizzard (disables access to Windows Firewall)
Note: Remote workplace, Outlook Web Access, Sharepoint, etc, on ports 443,444, 3389, 4125 All work remotely - so Linksys router and RRAS port settings are working.
Routing And Remote Access(RRAS) >NAT/Basic Firewall > Internet Ionnection > Services And Ports
Added TCP Incoming Port 1433, Private Address 127.0.0.1, Outgoing Port 1433
Added UDP Incoming Port 1434, Private Address 127.0.0.1, Outgoing Port 1434
SQL Server 2005 Standard Edition version 9.0.3042 (installed on same machine, default instance ID MSSQLSERVER)
By default: TCP protocol is enabled and local remote connections are enabled on standard Edition. Also by default: MSSQLSERVER automatic/started/running and SQL Server Browser automatic/started/running
Ran: SQL Server 2005 Surface Area Configuration to confirm MSSQLSERVER instance settings are running.
Using: SQL Server Authentication: Login and Password
"sa" is a default account that works locally.
SQL Server Configuration Manager:
MSSQLSERVER protocols: Share Memory and TCP/IP enabled
TCP port 1433 by default (confirmed listening by ERRORLOG)
Microsoft SQL Server Management Studio
Database Engine lists SERVER01 (instead of SERVER01MSSQLSERVER - the default instance is not named explicitly)
Created database "Test" under SERVER01 > Databases.
Created table "tblCategories" in "Test" (included some fields and data)
Server-Side Successful?
netstat -ano | findstr 1433
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 2004
Client-Side
Ping Successful
ping <xxx.xxx.xxx.xxx>
Telnet Successful (blank screen)
telnet <xxx.xxx.xxx.xxx> <port#>
TEST ASP.net Web Page Button Sub
I have this button on a page at Godaddy.com connecting to an instance of MS SQL provided by Godaddy and there is no problem connecting to that SQL Server.
Public Sub TestSQL_Click(Sender As Object, e As EventArgs)
Dim rdr As SqlDataReader = Nothing
Dim conn As SqlConnection = new SqlConnection("Data Source=tcp:xxx.xxx.xxx.xxx; Initial Catalog=Server01 blCategories; User ID=sa; Password=xxx")
conn.Open()
Dim cmd As SqlCommand = new SqlCommand("SELECT Category FROM tblCategories;", conn)
rdr = cmd.ExecuteReader()
rdr.Close()
conn.Close()
End Sub
ERROR:
The follworing error occurs or variations of it depending on different connection string configurations:
Occurs at: conn.Open()
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.)
THOUGHTS
Possibly a bad connection string or Microsoft security issue.
I've attempted many other connection string formats such as:
Dim conn As SqlConnection = new SqlConnection("Data Source=xxx.xxx.xxx.xxx,1433;
Network Library=DBMSSOCN; Initial Catalog=Server01Test; User ID=sa; Password=xxx")
But I continue to receive connection failure messages (or invalid connection string errors for incorrectly formed connection strings).
I've tried disabling RRAS and Windows Firewall and the same errors resulted.
Any feedback would be appreciated.
View 29 Replies
View Related
Jan 15, 2008
Hi All you good people there...
Need a big favour.
I am working on a Linked Server using SQL server 2005.
My present requirement is that I need to have distributed qurey which will fetch data from out of LAN Sql Server databases.
I need to know these things at earliest.
1. How to expose SQL server (may be data or instance itself) over internet?
2. How can I add this internet exposed SQL server as a Linked server on my local SQL server?
3. How to prevent my exposed SQL server data from hackers, as I need it only for SQL to SQL interaction?
Any help is appreciated.
Are there any good sites/links to refer??
Thanks in advance.
Gauri Shenolikar
View 8 Replies
View Related
Jan 22, 2007
HI
Q1: Does Sql Server 2005 Express support Web/Internet to other SQL Server 2005 Express Clients or does it have to Synch across the internet to a fully installed setup SQL Server 2005 with IIS?
Q2: Does SQL Server 2005 Express support Direct Replication between other SQL Server 2005 Express clients?
Regards
View 5 Replies
View Related
Apr 14, 2006
Hi all !
I have a question regarding the security of SQL Server 2005 Express Edition.
What securities options that SQL server 2005 EE provide for its users?
I know that after I deploy my website to a hosting company or a web
server, my database file will be on the net. That means everybody can
type in the file name and download my database file then open it. Just
like that. For example, my database filename is EXAMPLE.MDF. then,
someone just goto my website, say
http://www.cool.com/app_data/example.mdf, and download the database.
To prevent that to happen, what the securities options that available to me beside putting password on my database file?
Thanks for taking time to answer my question. Any help will be appreciated. Have a good day!
View 7 Replies
View Related
Oct 11, 2006
Hi all,
Could anyone suggest me which is the recommended authentication mode for web applications with MS SQL Server 2005.
Also let me know how the new security features of MS SQL Server 2005 can be used for secured application access.
Thanks in advance
HHA
View 1 Replies
View Related
Mar 28, 2007
(1) To prevent unauthorised database access, is it ADEQUATE to delete / disable the BuiltInAdministrator login and the guest (database) user ?
(2) How can I delete / disable the BuiltInAdministrator login
in SQL Server 2005 Express ? It didn't allow me to disable or delete it.
(3) How can I delete / disable the guest (database) user
in SQL Server 2005 Express ? It didn't allow me to disable or delete it.
View 3 Replies
View Related
Jul 4, 2007
HI,
I am just starting out with SQL Server 2005 and really getting in a muddle with al the security stuff.
It seems i have LOGINS, DATABASE USERS, Server Roles, Database Roles, SCHEMAS and somehow they all tie in together. I am using Microsoft Press "SQL Server 2005 Implementation and maintenance" but it really isn't doing a good job of explaining it to me.
Can anyone point me to a reference that clearly explains all this stuff?
View 2 Replies
View Related
Jan 28, 2006
Hi All,
I have been building a database in SQL Server Express for some months now using the Windows level authentication login that has given me full access to everything in the database.
The time has now come where I need to create user accounts and grant permissions to specific stored procedures and I'm having trouble doing this.
Can anyone give me a brief rundown of the required T-SQL commands I need to set up a user account that can do nothing but run stored procs (not the system procs which apparently are being discontinued: http://msdn2.microsoft.com/en-us/library/ms182795.aspx).
So far I have:-
CREATE LOGIN db_test_user WITH PASSWORD = 'eXaMpL3Pwd
USE db_new
CREATE USER db_test_user
The above code executes successfully but when I try and connect (using Management Studio) I get error message 'The user is not associated with a trusted SQL Server connection (error 18452)' which means little to me.
I also tried creating a 'WITHOUT LOGIN' user for the database but could not figure out how to give it a password.
I don't know (/understand) roles/schemas and don't know if I really need them as I only need user access to specific stored procs. I don't ever want them to see the tables for example so they only need the most restricted access.
Can anyone help?
Thanks,
DG
View 2 Replies
View Related
Dec 14, 2006
I cannot block user access to tables. I have restriced accounts at theserver, database, group, schema, and table lavel and can still opentables right up.In other words, I have absolutely no security. Any ideas?
View 1 Replies
View Related
Jun 13, 2007
Does anybody have a link to either of these two documents. My company is getting ready to go through an audit and we need some firepower and to know what is expected. Any help with obtaining microsoft SQL Server 2005 best practices documents is appreciated.
-Kyle
View 3 Replies
View Related
Feb 27, 2007
Has anyone compiled a list of out of the box features to disable (like sql mail in 2000)? Or even just a general security checklist for 2005?
I'm looking for one similar to http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec04.mspx
View 1 Replies
View Related
Jul 3, 2007
Hi,
I wonder if SQL Server 2005 supports row based security?
I need to set some users to see data filtered by a specific field and value...
Example: User XPTO only sees data about vendor code = '123'
Is this possible in the box?
Best Regards,
View 1 Replies
View Related
Nov 5, 2006
Dear mems,
I have a problem, and i don't khow how to resolve, pls help me:
My server is Windows XP (not domain),
I work with SQL Server 2005, installed on my server,
I configurate my SQL SERVER connection is "Windows Authentication mode",
I add user "MyComputerguest" to MyServerSecutityLogins to accept connections from local network
I have many databases: Db1, Db2, Db3...
But, I don't know to configurate my SQL Server to achive these:
1) My clients using "SQL Server Managment Studio" connect to Databases Db2, Db3... on my Server, they can expand, modify, add new all Tables, Sp, functions of Db2, Db3.
2) My clients are not allow to access Db1.
2) My clients can add new Databases Db4, Db5, Db6... in the future and they have full permission on every Database which they create without my interfere.
Best regard,
View 1 Replies
View Related
Aug 20, 2006
if you run the following script it takes access from the windows admin from getting into sql server through windows auth. The issue is that the files that are attached logging as SA after that are read only. Is there any solution? When you try and switch the file to read write sql server gives an error saying that it cant read the mdf and ldf--gives a windows access error....
USE [master]
GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'BUILTINUsers')
EXEC sp_dropsrvrolemember [BUILTINUsers], sysadmin
DENY CONNECT SQL TO [BUILTINUsers] CASCADE
GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'BUILTINAdministrators')
EXEC sp_dropsrvrolemember [BUILTINAdministrators], sysadmin
DENY CONNECT SQL TO [BUILTINAdministrators] CASCADE
GO
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'NT AUTHORITYSYSTEM')
EXEC sp_dropsrvrolemember [NT AUTHORITYSYSTEM], sysadmin
DENY CONNECT SQL TO [NT AUTHORITYSYSTEM] CASCADE
GO
View 4 Replies
View Related
Apr 10, 2008
I am not sure if this is the right place to post this but I need some help. We have an email server, with windows 2003 server, set up with SQL server 2005 and sql server management studio express which uses windows authentication. I noticed in the event viewer we keep getting an error under the application, "failure audit". about 25 a minute. The error says "login failed for user admin
The user is not associated with a trusted mysql server connection." followed by an ip address
(this username changes on a daily bases which makes me wonder if it is an attempted hack)
I have little knowledge of sql. How can I get this to stop happening. Event Viewer returns no results to help me fix this and I am having no luck researching it on my own. If there is any more info I need to provide, let me know. HELP!
View 3 Replies
View Related
Aug 7, 2006
Hi everyone,
I'm currently investigating the security improvements of SQL Server 2005. I've got some problems with the schemas introduced in SQL 2005 and security settings.
For my test I've created two schemas: UserManagement and Sales. A user "test" is attached to the UserManagement schema. There's a table Sales.Users containing a list of users (varchar) and a stored procedure named UserManagement.AddUser that can be executed by the UserManagement schema (GRANT EXECUTE, so "test" can execute the SP). UserManagement.AddUser simply inserts a new row into Sales.Users.
Because the Sales schema doesn't contain any user, nobody (except the sysadmin, of course) can do a INSERT/SELECT/DELETE in the Sales.Users table. As expected, the following SQL statement fails:
EXECUTE AS LOGIN='machine est';
INSERT INTO Sales.Users VALUES('Test User');
INSERT was not allowed: object 'Users', database 'test', schema 'Sales'.
The second way of inserting rows into Sales.Users is to execute the stored proc UserManagement.AddUser:
CREATE PROCEDURE [UserManagement].[AddUser]
WITH EXECUTE AS CALLER
AS
INSERT INTO Sales.Users VALUES('Test User');
The user "test" can execute this sproc without problems:
EXECUTE AS LOGIN='machine est';
EXECUTE UserManagement.AddUser;
(1 row(s) affected)To my astonishment the INSERT statement inside the stored proc does execute - although UserManagement.AddUser and Sales.Users are two different schemas. Why is that, is there a chaining happening? To my understanding SQL Server should test INSERT rights on Sales.Users for the UserManagement schema and deny the INSERT statement because UserManagement isn't allowed to INSERT in the Sales schema.
Any ideas? Help regarding the issue is greatly appreciated.
Best regards,
Alex
View 3 Replies
View Related
Jan 12, 2006
We have experienced an issue with back backup / restore of a database originating from SQL Server 2000 to SQL Server 2003.
We have the following setup:
SQL Server 2000
- DatabaseA
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseA
- DatabaseB
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseB
SQL Server 2005 Standard
-asdfUser is NOT Setup as a user yet.
-We restore DatabaseA and DatabaseB to the SQL Server 2005 Standard. The databases are restored with the security permissions of asdfUser being the DB Owner of DatabaseA and DatabaseB.
-We create a new SQL user named asdfUser on the SQL Server 2005 box. We then try to add the UserMapping of DBOWNER for the DatabaseA and DatabaseB. We receive an error message stating that the asdfUser already have permissions to the databases. We proceed with the user creation without those permissions.
-We proceed to the login properties of the asdfuser and view their UserMappings. The asdfUser does not have access to DatabaseA or DatabaseB. We then add the UserMapping of DBOWNER to both DatabaseA and DatabaseB. We Try to select OK and we receive an error message that states that the user already has those permissions.
-When we query the UserID's of the asdfUser that is in the database and the UserID of the asdfUser that is created, they are two different values.
I assume this is a bug... any word on a fix?
View 1 Replies
View Related
Nov 20, 2006
Hi,I have a ASP.net 2.0 web app which i want to run on IIS. It has a database file stored in APP_DATA folder. I have set "UserInstance" property to False, as want to access the same database file from another app, which can do its own modification. So basically i want the same database to be shared. Now after putting the web app on IIS i am getting error like :Login failed for user ''. The user is not associated with a trusted SQL Server connection.Any idea of how to solve this?
View 1 Replies
View Related
Oct 19, 2007
If I am posting to the wrong forum, please point me in the right direction.
We have upgraded to SQL Server 2005 and Window 2003 from SQL Server 2000 and Windows 2000, and have been having all kinds of problems with security of our web applications. We have been forced to put the system account of the web server as a user in the database in order for the web applications to work. We have lost the ability to control security at the user/role level. Is this the way security is going to work in Windows 2003/SQL Server 2005? How do I use integrated security so that I can secure web pages and database objects?
Thanks
View 4 Replies
View Related
Sep 11, 2006
Hello,
I have created one application in visual studio 2005 and also created setup project of that application. now i want to install SQL Server Express edition with my application. so i have checked SQL Server Express 2005 in Setup Project Properities(Prerequisites...). now i want to change SQL Secirty Mode during setup. and i don't know how can we do this?
Any idia?
View 6 Replies
View Related
Jan 14, 2007
Hi guys , is there any ways/suggestions for strengthen up the security for SQL server 2005 ? Due to several attacks from unknown places to my database's server , so I would like to get a way for increase the SQL security. Hope able to gather some info from web as well. Thx a lot guys.
Best Regards,
Hans
View 5 Replies
View Related
Oct 5, 2007
We recently moved from SQL 2k to SQL 2K5 and existing application stopped working with following error message.
[DBNETLIN][ConenctionOpen (SECCreateCredentials()).]SSL Security error.
The code used to make connection is as below.
Option Explicit
Const NewConnStr = "Provider=SQLOLEDB;Persistant Security=False;User ID=%DBUser;Password=%DBPassword;Initial Catalog=%DBName;Data Source=%DBServer,%DBPort;Network Library=dbmssocn"
Dim oConn
Dim sConnStr
Dim sServer
sServer = "SQLSERV01"
Set oConn = CreateObject("ADODB.Connection")
On Error Resume next
sConnStr = Replace(Replace(Replace(Replace(Replace(NewConnStr, "%DBUser", "test1"), "%DBPassword", "test1"), "%DBName", "model"), "%DBServer", sServer), "%DBPort", "1433")
Call oConn.Open(sConnStr)
This script runs under stripped-down Windows enviornment (Windows PE) with very basic components (i.e. no GUI, only command-line interface). I am trying to find out if there is any client side setting to bypass "self-generated SSL ceritificate" on server. I have tried all things on server side from disabling shared memory protocol, setting "Force Encryption" property etc. Could somebody help me with name of this property?
Also, is it possible to not use self-generate certificate on server. We don't want any kind of encryption for SQL connections.
Thanks..
View 7 Replies
View Related
Sep 19, 2007
It appears that I have a machine where the SQL Server 2005 Security groups were deleted, now I am unable to change account settings in configuration manager ( I get a WMI provider error ). Is there any way to recreate these security groups without uninstalling and reinstalling SQL Server?
View 3 Replies
View Related
Feb 3, 2007
Hi,
All i'm trying to do is open the object explorer window connecting to my local computer name, say it's called fred . It was working yesterday but now i've re-installed McAfee security centre, i can't connect.
Any help, much appreciated. Thanks.
Regards,
S_DS
View 6 Replies
View Related