SQL Server Security Confusion
Jul 13, 2006
Hello,
I'm quite confused by SQL Server 2005 security permission granting. Could you be so kind and post some generic, compact, web source for this topic, please?
Thank you.
Hi All,
One thing always bothers me about passwords with SQL Server. I created a user with a username and password for a Crystal Report user to access READ ONLY data, and permissions are set accordingly for this login at the SQL Server end for the database. Now I have to tell the user the username and password so he or she can create an ODBC connection. In such a case, what is the purpose of the password here? No matter whether we keep the password simple or hard to remember or guess, it won't matter. I cannot even force the user to change the password at next login, as Crystal Report gives no UI to do that.
What is the exact philosophy?
I understand how we can set permissions for users for accessing data and what the purpose is of enforcing rules on passwords like expiration or change password at next login etc., but how will it work in the above scenario?
Many Thanks,
Hi There
I have done the following.
2 Servers across the net work Server A and Server B.
I have created private keys at each and copied to public keys across.
I create an endpoint at each with validation by the certificates. I then create appropriate users and logins at each and import the public certificates with authorization to the users who have send permission on the endpoints.
That is transport security sorted and it works.
Now from what i have learnt from examples, to setup dialog security i do the following.
create a private key in each DB :
create certificate Store001DialogPri
with subject = 'Store001DialogPri',
start_date = '07/20/2006'
active for begin_dialog = on;
go
I then copy the public key to each server, create a user only in each DB and import the public keys with authorization on the user. And grant send on the appropriate services to the user.
I then create appropriate remote service bindings with this user.
Now this works for me. Everything seems A OK.
However I am going through the Service Broker "bible", and there are a ton of steps I am not doing, but my setup works???
A step I am not doing, for example: when I create the private keys in the DB I should authorize them to a user I create who is then granted CONTROL permission on the SERVICES.
Now I do not do this but everything seems to be working. I thought I finally understood dialog security but now I am totally confused.
Is what I am doing correct? If so, why are all these additional steps mentioned? What am I missing?
Thanx
Hello
I am running a SP from the SQL Server Agent, the job has one step that looks like this.
exec q_spr_inlevextsystem
This job fails with the following message
Job 'AutoInlev' : Step 1, 'Run the SP q_spr_inlevextsystem' : Began Executing 2004-04-05 09:00:00
output
----------------------------------------
(null)
Starting copy...
(null)
1 rows copied.
Network packet size (bytes): 4096
Clock Time (ms.): total 1
(null)
(0 rows(s) affected)
Msg 8152, Sev 16: String or binary data would be truncated. [SQLSTATE 22001]
Msg 3621, Sev 16: The statement has been terminated. [SQLSTATE 01000]
however if I run that exact commandline from queryanalyzer it works perfectly.
What does SQL Server Agent do different from query analyzer? this has me totally stumped.
regards
Matt
caution: this is no doubt a stupid newbie question...
In creating vs.net 2005 website, I can add a sql database to my project and a mdf file is created. I can create data providers against this file, etc, just as though it were a database in a sql server instance. I can deploy this dbf file to my finished web site.
Also, I can attach to a running instance of sql server 2005 express, and do exactly the same thing.
I can also take my mdf file created in step 1 above, and attach it to a running instance of sql server express.
Now, I have dealt with access databases, and sql server 2000 databases, so this dual nature of sql server 2005 express confuses me a little.
Why would I ever need to use a server instance of sql server 2005 when I can use a file based data file in my web apps? Is there an advantage to one or the other?
I had a thought that when using the file based method, I was actually still using the server based stuff, which would explain why the sql server express notification bubble pops up when I debug on the dev machine.
In any case could someone explain the difference and should I install sql server 2005 express on my deployment server?
thanks.
I trust you'll bear with an SQL Server newbie with what may seem a rather inane request. I am designing a web app in Web Designer 2005 Express with SQL Server Express. Unfortunately, I'm finding it a little confusing with some of the data types when designing tables. I have tried to find information on the various Microsoft sites (general site, MSDN, here) and while I found one document that had a table comparing data types in different implementations of SQL, it wasn't at all helpful. Most of my confusion is with the various string and char types; the numeric types seem pretty straightforward for the most part. However, it might be helpful to know the difference between money and smallmoney/datetime and smalldatetime, particularly space/size information and formatting options (unless the latter is up to the interface). It would also be helpful to know which string/char types correspond to any counterparts they might have in, for instance, Access (with which I am already quite experienced). Or any particular quirks or idiosyncrasies they might have. I don't expect anyone to write a full tutorial, but if someone could point me in the direction of a good online doc, it would be most appreciated. You might well ask, why not use Access databases? I would answer...I like to learn new stuff!
Thanks much.
Hi all
I am trying to install SQL server 2000a I install per the instructions but when I go to plesk to create a SQL database I get the following error message:
Unable to create database: Unable to create database-dependent object:Database Microsoft SQL server is not running.
I am running a Windows 2003 dual processor server.
I would also like to know if I can upgrade to service pack 3a from 2000a or do I need to install service pack 2 first.
Also should I install service pack 4?
Thanks
Cruiser859
Hi,
I have studied a variety of online documents explaining built-in SQL Server 2005 encryption, and I'm a bit confused. Every encryption approach, it seems, ultimately relies upon a password that must be provided with queries to access the data. As an application developer, it brings up the obvious question: how should that password be provided? If I build the password into my applications, then it will no longer be secure. On the other hand, I can't possibly expect my users to provide a password every time they perform an action that requires unencrypting data. If I give that password out to 50 users, the password will become public information quickly, I am sure. We will also have to alter the password regularly. Plus several of my applications run as windows services, in which case the user (meaning the windows user under which the service runs) won't be around to type in a password.
I have a better solution in mind. Is there an option to limit access to symmetric keys by windows identity? As a best-standards-abiding coder, all of my sql server access is done via Windows Authentication instead of SQL Server Authentication. Why not make it so that myorg\joe and myorg\sally can access the symmetric key for a particular column, but nobody else? This way there is still a password involved, but it is now moved further up the application layers; it is the windows password that the user originally used to log into their machine to run the application.
Is there a way to make it so that access to symmetric keys (or asymmetric keys which encrypt symmetric keys) is decided solely on the basis of windows user identity?
Thank you for any thoughts!
Adam
It is clear to me that in order to be able to use certain SSIS components (for example the Excel jet provider) I must launch my packages using the 32bit DTEXEC located at Program Files (x86)\Microsoft SQL Server\90\DTS\Binn. However, when I do this it seems that there are other components of the package that no longer work as expected.
To test this I have created a simple package with two tasks (Run64BitRuntime is set to False):
1. Data flow task importing data from Excel
2. Execute SQL Task which does a simple select (select 1) from a Native OLE DB SQL data source (same SQL Server on which packages are stored). This task contains no input or output parameter.
When I try to execute the package using the 64bit DTEXEC, task 1 fails with the following error (as expected):
Code: 0xC0202009
Source: connection1 Connection manager "SourceConnectionExcel"
Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80040154.
An OLE DB record is available. Source: "Microsoft OLE DB Service Components" Hresult: 0x80040154 Description: "Class not registered".
When I execute the package with the 32bit DTEXEC, task 2 fails with the following error
Code: 0xC002F210
Source: Execute SQL Task Execute SQL Task
Description: Executing the query "" failed with the following error: "Attempted to read or write protected memory. This is often an indication that other memory is corrupt.". Possible failure reasons: Problems with the query, "ResultSet" property not set correctly, parameters not set correctly, or connection not established correctly.
Now here is the confusing part: When I change task 2 to use the .Net provider instead of the OLE DB the package works fine. According to the MS documentation, both of these providers are supported on 32 and 64 bit so am I missing something? One more thing to note: before I was able to use the 32 bit DTEXEC I had to re-register it as described in this KB article: http://support.microsoft.com/kb/919224
I'm using DTS for the first time and am having difficulty understanding some of its usage.
In essence, I have 70 tables which are on an ORACLE database. I've created the schema on SQLServer from an ERWin model. I now wish to use DTS to import the data into SQLServer. Of course there are referential integrity constraints. The DTS 'import wizard' seems oblivious of these and carries out the import in alphabetical order!
I'm now trying the DTS designer (which I don't fully understand yet). It appears that I have to create a workflow which moves the workflow from table to table in the order dictated by RI - this is not a trivial task! (I want point and click!!).
Are there any shortcuts I can take to have DTS automatically arrange the workflow in the correct order? Can I do it programaticaly? I don't want to have to fiddle with 140 'workflow' and 'success' links.
Cheers.
suppose i have enabled only AWE option in sql server but i didn't add 3
GB switch in boot.ini. in this case what will be the effect on physical memory?
Hi:
Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.
Joan
Hello,
I am just getting reacquainted with programming and all. I work in GIS mapping and am having difficulty using an ASP.net internet Map site and adding records to a needed database.
I would like to be able to add records to a linked SQLExpress table when the user clicks on a map location. I adapted the following code snippet from an example that does what I would like only using an .mdb file.
CODE:
// create connection to database
var connection;
connection = Server.CreateObject("ADODB.Connection");
connection.Open("Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=OutdoorsExp;Data Source=NOLOGOSQLEXPRESS;");
status = "Can't access 'FishSQL' table.";
// create recordset
var recordset;
recordset = Server.CreateObject("ADODB.Recordset");
recordset.CursorType = 1
recordset.LockType = 3;
recordset.Open("dbo.FishTable", connection);
status = "Can't append new record.";
// append record for clicked location
recordset.AddNew();
recordset.Fields("LongitudeI").Value = xco;
recordset.Fields("LatitudeI").Value = yco;
recordset.Update();
recordset.Close();
// release the .mdb file
connection.Close();
However, this does not add anything to the SQLEx table. What am I missing? I am thinking that it might have something to do with the primary key.
I had a table with way more columns than just lat/longs (as above) but only coded it to add data to the latitude and longitude fields. Nothing got added of course. Would have to add data to every field that doesn't allow nulls.
How do I generate a random, unique ID for a primary key on the fly and for example add it to the appropriate column.
Thank you in advance for any insights.
hi
i'm trying to write a stored_proc which involves 3 tables. Product, Orders and OrderDetails
i want to return products that haven't sold for a particular month. So these products aren't in the OrderDetails table. When i try and run this i get some really random results. when i change the Orders.OrderDate value to different months, i get the same result when i shouldnt. but then when i add the Orders.OrderDate row to the select statement, i get 400 results and i dont have that many products. the extended amounts are just for my datagrid
ALTER PROCEDURE proc_Report_NoSales_Sept
as
set nocount on
SELECT Product.productID, Product.Title, Product.QtyOnHand, Product.Category, 0 as ExtendedAmount, Product.BuyPrice, 0 as ExtendedAmount2
from Orders, OrderDetails, Product
where Orders.OrderDate > '2006-09-01' and Orders.OrderDate < '2006-10-01'
and Orders.OrderID = OrderDetails.OrderID
and Product.ProductID not in (Select distinct OrderDetails.ProductID from OrderDetails)
/* Product.ProductID NOT EQUAL to OrderDetails.productID */
and Product.productID <> OrderDetails.productID
GROUP BY Title, BuyPrice, Category, Product.ProductID, QtyOnHand
ORDER by Title
RETURN
any ideas
cheers!!!
hay friends
The scene is that I want to read single multiple rows of a single column from a SQL database and then want to show those values in a text box.
So please tell me how to do it.
By using a data set, data table, or what to use for this, and how...
Will be waiting for your coordination.
I have built an application in web developer that has a sql data base in the App_Data
folder. It works locally fine.
I have uploaded it to my web host client successfully and it all displays. The web host is enabled
for asp.net. But the sql data base is not working....no information is getting from the web application into
my instance of sql in App_Data.
My web host has given me an e:/webs/mywebsitename.com/data/nameofdb.mdf
to alter in my web config connection string which I have done, but still not working.
I have also tried every version of this in connection string without success
I'm just confused about the e: part... how is that going to get to my App_Data?
Can someone give me a quick overview of what the problem might be
richard
Hi All,
I'm stumped. I've got a stored procedure with a number of input parameters, and working fine.
I added two extra input parameters, FromDate datetime, ToDate datetime. I have not even included these in the SQL yet and just tried to execute the stored proc alone with manually inputting parameters, but I keep getting error: @FromDate: this input parameter cannot be converted.
That surely means a formatting issue, so I copy and pasted a value directly from the database into this parameter field, and still get the same error. I've tried various formats, with single and double quotes, and without. But just don't know?
And even when I populate these parameters in my code and call the stored proc, it returns no results either, even though I haven't included these new date parameters in the SQL select, so that means it was in error and no doubt a formatting issue on those date fields.
format I used was: 17/07/2007 00:00:00
I tried to populate the parameters via the code as follows:
Dim dt As DateTime
DateFromTB1.Text = DateTime.Now
DateTime.TryParse(DateFromTB1.Text, dt)
SqlDataSource1.SelectParameters("FromDate").DefaultValue = dt
I know there is an extra step for now (DateFromTB1.Text = DateTime.Now), this step will fall away and just parse the textbox.text field as entered by the user.
Any help appreciated, thanks.
I've got this query and it used to work or at least I thought it did. Could someone please help me with it.
Thank you
SELECT CID, CompletionDate, MarkedExport, CustomerName, EditUser, RouteID, WorkOrder FROM RouteCustomer WHERE (CompletionDate IS NOT NULL) AND (ExportDate IS NULL) AND (RouteID LIKE '%' + ISNULL(RouteID,@RouteID) + '%') AND (EditUser IS NULL OR EditUser = '' OR EditUser = @EmployeeID) AND (MONTH(CompletionDate) = ISNULL(MONTH(CompletionDate),@Month))
The problem comes within the WHERE clause. What I wanted it to do is if the user did want to use a RouteID criteria then the user would specify one, else it wouldn't, and it was my belief that the ISNULL feature in SQL was the answer for that. Same for the Month. I believe the EditUser is fine the way it is written.
thanks to anyone that can help me with this.
Rex
When I try to run my application on our server I cannot connect to the SQL Server that's on the same machine (a named instance). I get the SqlException:Login failed for ("null") user. Not a trusted SQL Server connection. I CAN however, connect to this database from the IDE on my laptop--the app works just fine.
I have reconfigured the IIS, the default site and the directory for the app: I turned off anonymous access, turned it on, changed users, changed passwords, etc. I have done the same for the database, added users, changed permissions, added permissions, etc., you get the picture...none of it worked. (I changed the connection string to those users/pwds)
I saw on an MS site that this error can occur under heavy loads...but that's not the case here.
Please help! Thanks!!
In Query Analyzer I have 2 connections active. In the first connection I have the following SQL Insert statement:
Begin Tran
Update Account
Set SomeField = 0
Where CustomerId >= 1000 And CustomerId <= 1101
-----------------
In the second connection I have the following SQL Insert statement
Begin Tran
Insert Into Account (Account,AccountName,AccountTypeRowId,CustomerId,UserId)
Values('MMM-989', 'Test Account', 1, 1098,207 )
-----------------
The query in the second connection will hang waiting for the query in the first connection to finish. The query in the first connection touches 767 records (out of a total of 9174).
If I change the Where statement in the first connection to "... And CustomerId <= 1100", the query in the second connection will execute immediately. The query in the first connection is now only touching 645 records instead of 767.
Could someone explain to me why this is happening?
:confused:
Here's my situation (SQL2K)
We have a testing database we're using to convert large amounts of data from 1 system to another. We might process 5-6 million records, but don't care about being able to recover point-in-time.
I set recovery mode to simple, do a full backup every night. I keep getting large transaction logs. I manually run Shrink Database when I realize the logs are big
What can I do to prevent the logs from getting big in the first place ?? Can I prevent logging from happening ?
I keep reading various books and BOL, but I guess I don't quite "get it" yet ......
Any plain spoken, detailed suggestions would be very appreciated .... thanks in advance.
I can map to a domain to the server where I have a sql Server database from my machine which is in another domain.
However, I cannot register the sql server with enterprise manager from the same machine. I am assuming that it is not a permission problem since I could not get the registration to work logging on as SA or with windows authorization. What should be looked at?
Here's an example of two tables I need to get results from.
Client:
Number
1
2
3
Patient:
Number - Client - Hospitalized
50 - 1 - E
51 - 1 - E
52 - 2 - E
53 - 2 - ''
54 - 3 - ''
The only result I should be returning is Client '1' as they would be the only one where ALL patients have an 'E' under patient.hospitalized.
How would I go about running a query such as this?
Any help would be greatly appreciated!
Shawn
Hi,
Can any of you folks take a minute to tell me why the results of the attached test are weird. I'm trying to come up with a method of allowing my business layer to interact with the data layer - specifically a nice, easy to maintain, but safe method of passing parameters without adversely impacting performance.
This is only a few of my sketchy ideas so far but I'm stuck because I cannot prove that using OR is slower than a straightforward = because each time I run the test the OR seems to perform better. Even changing the sequence in which the pieces work still does not alter the OR being better than =.
And, of course, as that makes no sense whatsoever I cannot really progress.
Any thoughts would be appreciated. I hope I have altered the script enough that you can just run it straight in and see what I'm talking about. I only introduced the transactions to see if any of that stuff may be interfering.
Thanks.
I am testing out Synchronous Mirroring and have a question about failover. It seems the only way I can failover to the Mirror box is to log onto the Principal box and hit the Failover button? Is the whole point of mirroring to be able to handle the Principal not being available? Is there another way?
TIA, ChrisR
Hi guys,
Is it possible for a column in a table to have a clustered index & the same column to be a part of a non clustered covering index.
Please try this one.I am confused
Create table test
(
id int primary key,
name varchar(40),
age int
)
CREATE NONCLUSTERED INDEX testindex ON test (
id,
name,
age
)
sp_help test
After I do sp_help test it shows two indexes created, one on id & the other one on id,name& age as a part of covering index.
I am trying to find a group of clients that were entered last week. I am getting all the dates to go with the Monday of the week they were entered. i.e. If they were entered on 8-2 or 8-3, they go with 8-1. If they were entered, 8-9, they will be under the 8-8 Monday.
No problem with finding the Mondays using either the nice 'weekcommence' function I found here or using numerous t-sql examples.
One thing I don't understand is- how come I can't use an equal sign in my syntax?
For instance,
SELECT dbo.weekcommence(date_added)
FROM clients
where dbo.weekcommence(date_added) = dateadd(wk, -2, GETDATE() )
won't return any results. If I use a greater than sign, I get this week, 8-8 and last week 8-1. I only want to see the week of 8-1.
Now- look at what I have below: Shouldn't I really be able to see ONLY last week's Mondays with this?
select dateadd(wk, -2, dbo.weekcommence(date_added)) from clients
To me- the way this reads is: show me 2 weeks ago, from these dates (first Mondays function).
The results are the last two MONTHS, not weeks. What am I misinterpreting?
I can also use this:
SELECT dbo.weekcommence(date_added) FROM clients
WHERE (dbo.weekcommence(date_added) >= dateadd("d",-7,DATEADD(wk, DATEDIFF(wk,1,getdate()), 0)))
and get the week's of 8-1 and 8-8. But I can't get JUST 8-1 if I take out the greater than sign.
To me- this one reads: Select all my Mondays from the function. Show me Mondays from my function that are = 7 days from this Monday's date.
It seems like it should be straightforward, but I'm obviously missing something big. Any help?
I have a DELETE statement that is taking ages. I was asked to look into it and immediately noticed the use of function on the column. So its doing a scan even though there is an index on the datecolumn.
Here's the original statement:
Delete someTable Where datediff(year, DateColumn, getdate()) > 1
I have rewritten it as
Delete someTable Where DateColumn < dateadd(year, -1, getdate())
When I did a count(*) the counts from the previous query didn't match with the new one. Did I miss something?
Perhaps a fresh pair of eyes might help me
thanks,
don.
Hi,
I am just beginning to get to grips with SQL Server v 7 security on a standalone win 98 PC.
I have created a login which only has access to the pubs database and when I try and connect to any other database (while using this login) I am correctly told that I don't have access. However, Enterprise Manager does not request a login and therefore the log in seems to grant full access to every database.
How can I get Enterprise Manager to request a log in?
Thanks.
I am studying for the MCSE/MCDBA exam 70-229. In the book I am using ("MCSA/MCSE/MCDBA Self-Paced Training Kit: Microsoft SQL Server 2000 Database Design and Implementation Exam 70-229, Second Edition") I am looking at the section on the ANY/ALL keyword.
<QUOTE>
USE Pubs
SELECT Title
FROM Titles
WHERE Advance > ANY
(
SELECT Advance
FROM Publishers INNER JOIN Titles
ON Titles.Pub_id = Publishers.Pub_id
AND Pub_name = 'Algodata Infosystems'
)
This statement finds the titles that received an advance larger than the minimum advance amount paid by Algodata Infosystems (which, in this case, is $5,000). The WHERE clause in the outer SELECT statement contains a subquery that uses a join to retrieve advance amounts for Algodata Infosystems. The minimum advance amount is then used to determine which titles to retrieve from the Titles table.
</QUOTE>
I don't understand why this references the "minimum advance". If you run the subquery on its own, it returns the following values:
5000.0000
5000.0000
5000.0000
7000.0000
8000.0000
NULL
From my limited understanding, the "ANY" keyword applies to at least one value, but which one? How is this determined?
Any help gratefully received.
Edward
--
The reading group's reading group:
http://www.bookgroup.org.uk
hello everyone, I am kind of confused with MS SQL 2005. I have friends who have been developing with MS SQL. They told me that in order to have a MS SQL Server, one needs to have a PDC.
This is really a problem since I am behind a Unix box acting as a firewall/gateway. AFAIK, to install a PDC means that DHCP comes with it and DNS. This is really a problem...
Is it possible to have a MS SQL server without having to create a PDC? If so, how do I connect to my database on an MS SQL server. I develop in VB. I would appreciate any help/tips... TIA :D
Hey everyone,
I am brand new to SQL and I need some help getting started on how to learn about relational databases and how to make the databases via Microsoft SQL (I have visual Studios PRO) and access and use them via C#.
I believe that the program that I am writing will be significantly better with a database. What I am doing is making a program that stores user input. But each user input that a person stores can have a reference to another user input, hence why I think that a relational database to store this information will work out well. I also just want to learn more about databases because I think that it will be a good step in me learning more about programming.
What I need from you guys is a point in a direction for a book or a specific spot in a website that will introduce and teach me how to design these relational databases via Microsoft SQL. I have programmed a lot with Java and recently switched over to C#, using the .net framework and found it to be great. I need to find out how to make these databases but also how to connect and access them through my application that will be coded in C#. I have "Programming in C#" by O'Reilly but it really doesn't go in that much about SQL databases.
The questions that I really have come from the limited knowledge that I have gained looking online and talking to my brother (programming whiz). A database is managed by a DBMS and clients can interact with the DBMS to get to the database. The question to me is how does one interact with a DBMS through a programming language like C#. I guess I am just really confused at this link. If anyone could point me in the direction of a book to answer these questions but help teach me to apply it to my own program, I would really appreciate it. Thank you for your time.
P.S.
I have found some books online but I dont really know which one I really need. One that I found is called "Learning SQL on SQL Server 2005". If you have read, I would appreciate your opinion. Thanks
Hi
I was hoping that someone will be able to explain to me what the difference is between these two queries, because i get different results when i run them.
I'm trying to count the distinct unique email addresses
Code Snippet
SELECT DISTINCT Prefix_code, Email
FROM tmpmedschemereal
WHERE email like '%@%'
AND prefix_Code = 'UNW'
GROUP BY prefix_Code, email
returns 1939 rows
Code Snippet
SELECT DISTINCT Prefix_code, COUNT(Email)
FROM tmpmedschemereal
WHERE email like '%@%'
AND prefix_Code = 'UNW'
GROUP BY prefix_Code, email
returns 2006 rows
Why is there a difference, as far as i know they are suppose to return the same amount of rows, but there must be something that i misunderstand.
Will someone please be able to clarify for me what it is?