SQL Server 2008 :: Masking / Replacing Sensitive Data In Database?
Oct 8, 2015when prod db is restored in test server, i have to hide/replace sensitive fields (name, phone etc)Is it doable in SQL 2008 and SQL 2012?
View 5 Replies
ADVERTISEMENT
How To Encrypt My Password Or Sensitive Data Before Storing Them In A Database , Using SQL Server 2005?[urgent Plz Help]
Jan 7, 2007Hi there ,1. i have a database and i want to encrypt my passwords before storing my records in a database plus i will later on would require to authenticate my user so again i have to encrypt the string provided by him to compare it with my encrypted password in database below is my code , i dont know how to do it , plz help 2. one thing more i am storing IP addresses of my users as a "varchar" is there a better method to do it , if yes plz help me try { SqlConnection myConnection = new SqlConnection(); myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["projectConnectionString"].ConnectionString; SqlDataAdapter myAdapter = new SqlDataAdapter("SELECT *From User_Info", myConnection); SqlCommandBuilder builder = new SqlCommandBuilder(myAdapter); DataSet myDataset = new DataSet(); myAdapter.Fill(myDataset, "User_Info"); //Adding New Row in User_Info Table DataRow myRow = myDataset.Tables["User_Info"].NewRow(); myRow["user_name"] = this.user_name.Text; myRow["password"] = this.password.Text; // shoule be encrypted //not known till now how to do it myRow["name"] = this.name.Text; myRow["ip_address"] = this.ip_address.Text; myDataset.Tables["User_Info"].Rows.Add(myRow); myAdapter.Update(myDataset, "User_Info"); myConnection.Close(); myConnection.Dispose(); } catch (Exception ex) { this.error.Text = "Error ocurred in Creating User : " + ex.Message; }
View 3 Replies View RelatedSQL Server 2008 :: Merge Replication - Replacing A Subscriber
Mar 4, 2015We have a central office with a SQL2005SP4 server (yeah, I know... old as heck) that's the main database and it has multiple subscribers in regional offices. Well... one of the regional offices server is failing, and it needs to be replace.
The original server is an ancient Win2003 86x
The Server team will build a new Win2008r2 64x, and use the same name and IP address
And I'm tasked with the SQL part.
I'll be installing the same version/patch of SQL, but 64x instead, and migrate all databases, including the system databases.
How do I handle replication? Do I need to reintialize from scratch? or can I just use the backup as a starting point?
Transact SQL :: Data Masking In Server
Jun 23, 2015Our application running on SQL server 2008 since its storing confidential data we would like to mask the sensitive data in non prod environments.Currently I would like to mask data for one table and their 4 columns data. Basically I would like to know how to do this and how it’s being consumed by downstream systems?Are downstream needs to undo the mask data on their end?
View 5 Replies View RelatedThe Report Server Cannot Decrypt The Symmetric Key Used To Access Sensitive Or Encrypted Data In A Report Server Database
May 25, 2007
Hi every one,
I'm very new new at this. I'm try to deploy a report model and got this message. I have no idea what its going on about.
Can anyone help me?
Aku
------------------------------
System.Web.Services.Protocols.SoapException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> Microsoft.ReportingServices.Diagnostics.Utilities.RPCException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: Bad Data. (Exception from HRESULT: 0x80090005)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.Diagnostics.DataProtection.ProtectData(Byte[] unprotectedData, String tag)
at Microsoft.ReportingServices.Library.ConnectionManager.ConnectStorage()
at Microsoft.ReportingServices.Library.Storage.NewStandardSqlCommand(String storedProcedureName)
at Microsoft.ReportingServices.Library.DBInterface.GetAllConfigurationInfo()
at Microsoft.ReportingServices.Library.RSService.GetSystemProperties(Property[] requestedProperties)
at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values)
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) (System.Web.Services)
------------------------------
BUTTONS:
OK
------------------------------
Fetching Case Sensitive Data From The Database
Apr 7, 2008S/W Technologies : C#.Net 2005, ASP.Net 2005, SQL Server 2005
Greetings everyone,
Heres my code for login verification, which is written in the login button click.
SqlCommand cmd = new SqlCommand("Select uid,pass from UserRegistration where uid='" + txtuname.Text + "' and pass='" + txtpass.Text + "'", con);
con.Open();
dr = cmd.ExecuteReader();
if (dr.HasRows) { <code......> }
Now, my problem is, the SQL Server 2005 is fetching rows without checking case. For e.g. if I enter a password as "MYSTERY" or "mystery" which is stored as "Mystery" in the database. The datareader shows positive in HasRows property. So, Can someone suggest me how to fetch case sensitive data from SQL SERVER 2005. Thanks.
Something/Someone Compromising Database -- Replacing Data With Javascript
May 19, 2008
Has anyone ever seen this code (I put the script tags in brackets so it would not get embedded in forum page)?
[script src=http://www.qiqigm.com/m.js][/script]
We have a number of MSDE 2000 databases running on a Windows 2003 SBS. These databases feed information to their respective websites. One of our databases (and on this one only) something or someone is somehow overwriting the text and varchar fields in all of the tables in the database and replacing it with the above or similar javascript. I've been a database developer and administrator for a long time and I have not a clue how this is being accomplished. When this code replaces our data, what ends up happening is 1) the virus detectors start going off the chart if you go to the site and 2) the script somehow appears to attempt to mimic the site its taken over.
When I do a search on qiqigm to see if anybody has had this problem before, really the results you get are pages and pages of sites that appear to be infected directly with the same bogus javascript code...and not a word about what it is or where its coming from. In our case, and it appears many others by looking, replacing the product description or title description or ordering information in the database causes the script to be written to the browser where otherwise the product/order information would be. This causes the script to run when the page is loaded. Since it overwrites the data in all fields in all tables, it assures itself that it will get displayed no matter what a user attempts to do on the site.
On this database, the only user that has access to the database is the IUSR_<domainadmin> account.
I restored this particular database a couple of days ago to an uninfected backup. I had done this before, but the script would eventually manifest itself again at some point. This time I have removed the ability to get to the product pages for now until we figure out the problem. This appears to be keeping the beast at bay. So far (2+ days), the database has remained in tact.
Anybody got a clue as to what it is I'm up against?
TIA,
Ray Jefferson
Database Whiz Consulting
2657 Windmill Pkwy #158
Henderson, NV 89074702-376-6955
SQL Server 2008 :: Change Text Format From Case Sensitive To Case Insensitive?
Aug 31, 2015How can I change my T-SQL text editor from text sensitive to text insensitive?
View 2 Replies View RelatedCopy View And User Defined Functions To Another Database Without Replacing Data
Mar 5, 2008I work on a copy of SQL Server Express on my desktop. After modifying and creating views and user defined functions, I would like to copy and paste them into the working database. Is there a method programmatically of doing this or must I copy and paste the t-sql language from the existing view to the new database--then save the new view on the working database?
View 6 Replies View RelatedMasking Data
Apr 18, 2008I have a column called study in a table which has the number of studies such as 10000 or 9934. I wish to display the result 10,000 or 9,934. I wish to put a comma in the numbers. How can I achieve this using a select statement.
View 5 Replies View RelatedMasking Of Data
Aug 21, 2007I one of the requirements, i have to mask the data of a column based on a security parameter. how do we do that in Ad Hoc reporting?
View 3 Replies View RelatedHow To Make Sql Server Data Case - Sensitive?
Feb 25, 2008Hii
I transferred data from Oracle to sql server 2005. Now what i want is to make data in the tables case-sensitive .(it has to be data inside the tables only and not table and column names).
what i tried is :
alter database test collate Latin1_General_CS_AS
But to my horror it made the tables name case-sensitive .
Plz help me out asap.
Thanx in advance
Supriya
SQL Server 2008 :: Inner Join Database Table With XML Data
Jan 25, 2011I have a XML data passed on to the stored proc in the following format, and within the stored proc I am accessing the data of xml using the nodes() method
Here is an example of what i am doing
DECLARE @Participants XML
SET @Participants = '<ArrayOfEmployees xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Employees EmpID="1" EmpName="abcd" />
<Employees EmpID="2" EmpName="efgh" />
</ArrayOfEmployees >'
SELECT Participants.Node.value('@EmpID', 'INT') AS EmployeeID,
Participants.Node.value('@EmpName', 'VARCHAR(50)') AS EmployeeName
FROM
@Participants.nodes('/ArrayOfEmployees /Employees ') Participants (Node)
the above query produces the following result
EmployeeID EmployeeName
--------------- -----------
1 abcd
2 efgh
How do I join the data coming out from the above query with another table in the database, for example Employee in this case
i.e. somewhat like this (note the following query does not perform the join correctly)
SELECT Participants.Node.value('@EmpID', 'INT') AS EmployeeID,
Participants.Node.value('@EmpName', 'VARCHAR(50)') AS EmployeeName
FROM
@Participants.nodes('/ArrayOfEmployees /Employees ') Participants (Node)
INNER JOIN
Employee EMP ON EmployeeID = EMP .EmployeeID
My desired output after the join would be
EmployeeID EmployeeName Email Home Address
--------------- ----------- --------------- -----------
1 abcd abcd@abcd.com New York
2 efgh efgh@efgh.com Austin
SQL Server 2008 :: How To Insert Blog Data Into A Database
Sep 28, 2015I've never worked with a column that's defined as a binary data type. (In the past if ever we had to include a photo we stored a link to the JPG/BMP/PNG/whatever into a column, but never actually inserted or updated a column with binary data.But now I've got to do that. So how do you put data into a column defined as BINARY(4096)?
View 3 Replies View RelatedHow Can I Get The 'entire' Database, Structure And Data, From SQL Server 2008 To SQL Server 2005?
Jun 20, 20081) I can't get the 'copy database' function to work from SQL Server 2008 to SQL Server 2005. I connect ok. Everything goes to the last step and then it fails.2) I cant get a SQL server 2008 backup to restore on SQL SEerver 2005 either.
The only way I know that works is to script the creation of all tables then export and import. This does work.
How can I get the 'entire' database, structure and data, from 2008 to 2005?
ThanksSQL newbie.
SQL Server 2008 :: Capture Database / Server Name In A Derived Column To Identify Source Of Data?
Feb 1, 2012I am task with identifying the source database name, id, and server name for each staging table that I create. I need to add this to a derived column on all staging tables created from merging same tables on different servers together.
When doing a Merge Join, there is no way to identify the source of data so I would like to see if data came from one database more than the other servers or if their are duplicates across servers.
The thing that bugs me about SSIS Data Flow task is there is no way to do an easy Execute SQL Task after I select my ADO.NET Source to get this information because my connection string is dynamic and there is no way of know which data source is being picked up at runtime.
For Example I have Products table on Server 1 and 2:
Server 2 has more Products and would like to join the two together to create a staging table.
I want see the following:
Product ID, Product Name, Qty, Src_DB_ID, Src_DB_Name, Src_Server_Name
1 IPAD 1000 2, MyDB1, Server1
100 ASUS Pad 40 1, YourDB, Server2
get database name and server name in DATA FLOW only (without using a for each in Control Flow)
SQL Server 2008 :: Restoring Database - Delete Data From Partitions
Feb 20, 2015I am restoring a database with 10yrs worth of data which have monthly partitions but i would like to keep only 5yrs of data after the restore is done, what is the best/faster approach to delete the 5yrs data without deleting the partitions as that may cause the db in accessible.
View 9 Replies View RelatedSQL Security :: Data Masking Removed After Joining With Other Tables In CTP 2.1?
Jul 6, 2015I find that dynamic masking does not work on joining tables in SQL Server 2016 CTP2.1.
For examples, I create the following table:
CREATE TABLE [dbo].[HRM_StaffAppointment](
[StaffID] [nvarchar](11) NOT NULL,
[ApptSeqNo] [smallint] NOT NULL,
[ReportingDept] [nvarchar](10) NULL,
[Code] ...
Then I apply mask on StaffID and RankDesc.
alter [dbo].[HRM_StaffAppointment] alter column [StaffID] add masked with (function='default()')
alter [dbo].[HRM_StaffAppointment] alter column [RankDesc]
add masked with (function='default()')
When User A logged in and query on HRM_StaffAppointment, StaffID and RankDesc are perfectly masked. But User A can remove the masking using another table:
CREATE TABLE [dbo].[staffID](
[staffID] [nvarchar](255)
) ON [PRIMARY]
select a.*
from dbo.HRM_StaffAppointment as a
left join dbo.staffID as b
on a.StaffID = b.StaffID
It looks like a security hole to me, or I'm doing anything wrong?
SQL Server 2008 :: Recover Data In A Table - Restoring A Database Alongside Existing DB
Apr 17, 2015I need to recover some data in a table but i'm not 100% sure the right way to do this safely.
I'll need to query the two tables to compare the before and after but how do i go about restoring/attaching the backup database to SQL without causing conflicts?
If I restore, I assume this would just overwrite which is obviously the worst thing that can happen. if i attach the backup, how does this affect the current live DB? how do i make sure that it's not getting accessed and mistaken for the live DB?
The SQL server is 2008 R2 running as a VM.
Restore Of Case Insensitive Database To A Case Sensitive Database - SQL Server 2000
Jul 20, 2005Yesterday I received a response to my CI/CS Collation problem and therecommendation was to try and restore a CI Collation database to a CSCollation database. After creating a blank CS database a full restore(Force restore over existing database) does change the Collation toCI. I'm unsure as to how I can restore without changing theCollation. Any suggestions?
View 2 Replies View RelatedAnalysis :: Data Masking For Dimension Attribute Based On User In SSAS 2014 Multidimensional?
Jun 15, 2015I am trying to implement data masking based on user login and not sure why this is not working. I have the dimensions DimBrand, DimProduct and DimUser. I should mask the BrandCode with 'XXXX' nothing but in the report all the BrandCode should appear but few of the code will be masked if the user is not belongs to that group. I have a fact table FactProduct in this. In the cube I created all these 3 dimensions and the fact table. I created a new dimension DimBrandMask and I separated the code over there with a relationship with the actual DimBrand dimension. In the cube a reference relationship is set up with the measure group. Created a role with read access.
In the dimension data tab of role I put the below MDX to allowed set.
NonEmpty([DimBrandMask].[Brand Code].Members, (StrToMember("[DimUser].[Login Name].[Login Name].[" + UserName() + "]") ,[Measures].[Dim User Count]))
And in Denied Member set i put the below MDX
IIF( (StrToMember("[DimUser].[Login Name].[Login Name].[" + UserName() + "]"), [DimUser].[Access Right].&[False]), NONEMPTY( [DimBrandMask].[Brand Code].Members,(StrToMember("[DimUser].[Login Name].[Login Name].["
+ UserName() + "]"), [DimUser].[Access Right].&[False], [Measures].[Dim User Count])),{})
Note I created one measure group from the DimUser table and the measure [Dim User Count] is used in the above query.
I am expecting some result like below
Brand BrandCode Count
Brand1 b1 6
Brand2 XXXXX 5
Brand3 XXXXX 10
HELP! Case Insensitive Database On Case Sensitive Server
Aug 17, 2005We need to install CI database on CS server, and there are some issueswith stored procedures.Database works and have CI collation (Polish_CI_AS). Server hascoresponding CS collation (Polish_CS_AS). Most queries and proceduresworks but some does not :-(We have table Customer which contains field CustomerID.Query "SELECT CUSTOMERID FROM CUSTOMER" works OK regardless ofcharacter case (we have table Customer not CUSTOMER)Following TSQL generate error message that must declare variable @id(in lowercase)DECLARE @ID INT (here @ID in uppercase)SELECT @id=CustomerID FROM Customer WHERE .... (here @id in lowercase)I know @ID is not equal to @id in CS, but database is CI and tablenames Customer and CUSTOMER both works. This does not work forvariables.I suppose it is tempdb collation problem (CS like a server collationis). I tried a property "Identifier Case Sensitivity" for myconnection, but it is read only and have value 8 (Mixed) by default -this is OK I think.DO I MISS SOMETHING ????
View 4 Replies View RelatedSensitive Data
Sep 1, 2006Do you know of an code example that would find what databases and what tables have sensitive data such as ssn, name of individual, etc.
View 1 Replies View RelatedSensitive Data
Nov 3, 2006Hi all,
How can we protect sensitive data (custom properties) in a custom connection manager or a custom data flow component?
The SSIS Books Online indicates in the "Security Considerations for Integration Services" page that "If you write custom tasks, connection managers, or data flow components, you can specify which properties should be treated as sensitive by Integration Services". But how to do it programmatically? Are there any attributes that can be applied on custom properties?
Thanks.
Pascal
Replacing The New Version Of The Database
Aug 23, 2005Hi friends
I have a database where i need to replace with a new version of the same one.
Can anyone suggest the best possible and reliable way of doing that
regards
Vic
Vicky
Help - Replacing Data In Tables
Sep 4, 2005Need to update data from one table with data from another table.
I'm very, very new to MS SQL Server
I have the following two tables.
First table
tblEmp
Field - empno
Second table
tbltemp
Field - oldempno
Field - newempno
tblemp.empno = tbltemp.oldemno
I need to replace the data in tblEmp.empno with tbltemp.newempno where tblemp.empno = tbltemp.oldempo.
Thank you.
Replacing Data From SELECT/WHERE
Jun 26, 2001Hi, and tanks for taking time to read this question. I am still a novice at SQL (Server 2000)programming.
Is there a way to replace the contents of a column of a table derivied from SELECT and WHERE statements?
For example,
SELECT * FROM table1
WHERE column1 = 'text'
and replace 'text' with say, 'newtext'
Any help would be appreciated!
Regards,
Chandran
Make Database Case Sensitive
Apr 25, 2007How can I make my existing database case sensitive.
How to make SQL Queries also case sensitive from Application
ie:while running from VB,
Should work
rs.open"Select * from Employees"
Should Not work
rs.open"Select * from employees"
error should come as invalid table name.
DB Design :: Case Sensitive Database
Jun 19, 2015I have attached a database to my server.
I just found out that it is case sensitive.
The model database is case insensitive.
Is this setting set when I attached the database?
Don't Want To Display Sensitive Data In Columns
Oct 21, 2014I have a table. I have some sensitive data that I don't want to display that sensitive data. The columns I want to abstract are
Firstname varchar(50) not null
Latname varchar(50) not null
dob datetime not null
addressline1 varchar(50) null
adressline2 varchar(50) null
city varchar(50) null
postalcode varchar(20) null
I want to display null values as nulls empty as empty not null as numbers.
Anyone Use 2 Databases To Seperate Sensitive Data?
Nov 28, 2007I've got a customer who thinks their data should be sepeated and reside on two seperate databases in case one is compromised. Now I've never heard of anyone doing this and would like comments from the users here as to why this should/(shoult not) be done.
I'm assuming that they want to keep their general info e.g. name and address on one database and keep other (medical info) on the other db.
None of our db's are outside of the firewalls so to me this makes no sense but I would like feedback.
thanks.
Programmatic Access To Sensitive Data
Jan 18, 2007Hello,
I'm developing custom SSIS task (control flow component) which offers usert to choose ADO.NET connection.
I want to use this connection in my code and access SQL server.
There is no any problem unless connection is with IntegratedSecurity = true.
But, when user chooses to set username and password, I can not access password because it is not present in the connection string as sensitive information.
Package.DTSProtectionLevel is set to EncryptAllWithUserKey
I need to programmaticaly access to password, but I don't know which class to use from DTS (SSIS) object model.
Any help?
Thanks, Borko
Data In Sqlserver Is Not Case Sensitive
Aug 28, 2006I am facing problems as the data in sqlserver is not case sensitive. The data in parent key may be capital/lower case and the same data in the child table may be lower/capital case. While migrating the data from sqlserver database to other databases(like oracle) its giving error as the data not found in parent key, though the data found in parent table . This is just because the case sensitive in oracle. But according to my knowledge its better if the sqlserver also supports data case sensitive.
Take a small example
Need a table to store all the alphabets in a table
the table structure is
CREATE TABLE [dbo].[ALPHABET] (
[Alphabet] [varchar] (1) NOT NULL ,
[Description] [varchar] (50) NOT NULL
)
GO
The data is
Alphabet
Description
a
Small a
b
Small b
C
Capital C
A
Capital A
sqlserver wont allow to insert data 'A' and gives error "voilation of primary key", though a & A are different according to this table.
I tried with NVARCHAR datatype also. The same problem here also. Sqlserver atleast should support data case sensitivity for NVARCHAR datatype as this can store different languages. May be in other languages the entire meaning may be differ with case differences. Even in english language some words meaning will differ with case differences. For reference can refer english dictionary