Secure Remote Management On Shared SQL Server
May 19, 2007
I am trying to get my hosting company to provide a way to make secure encrypted connections from my desktop (where I am using Enterprise Manager and Aqua Data Studio) to their shared MS SQL Server.
I've seen some references to SSH, but I don't understand how this works or how the host would implement it. I also read that an SSL certificate can be installed on SQL Server, but it doesn't seem as if EM or ADS can make SSL connections to SQL Server. (In case it makes any difference for either of these solutions, the hosting company has port 1433 open, and will not close it because some clients connect to the DB server from web apps on their own intranets.)
Finally, if a web-based admin is used instead (like phpMyAdmin for MySQL), then which machine is the software installed on? Can it be on a web server that makes a local connection to the DB server or does it have to be on the DB machine? E.g., if I had a VPS or dedicated server at the same hosting company would I be able to install web-based admin software which would then connect to the host's shared SQL Server?
Anyway, my host is giving incomprehensible (to me) objections to all of these ideas. Is there a reasonably simple way to do this on a shared DB server?
Apr 10, 2007
I've been provided with a server at a hosting company. The server is running W2K3 SP2 in its own workgroup (i.e., non-AD) configuration, but is not behind any type of hardware firewall; there is no VPN in place, either. I connect to the server via RDP using an extremely long and complex password. I'm using the newest version of the RDP client. The article "Hacking RDP" and the ensuing reader comments (http://mcpmag.com/columns/article.asp?EditorialsID=1699) indicate that using RDP in this fashion is relatively safe.
I installed SQL Server 2005 SP2 on this server. I set server authentication to 'SQL Server and Windows Authentication mode'. I created one obscure SQL Server login, using another extremely long and complex password. I also disabled the login for the 'sa' account.
Since installing SQL Server on this server, I've noticed thousands of Failure Audit events in the server's Application log:
Source: MSSQLSERVER
Description: Login failed for user X
where X equals 'administrator', 'root', 'server', 'database', 'sql', 'sa', etc.
These failure events occur almost non-stop, about a dozen per second, and come from a small pool of unknown IP addresses. The IP address seems to change every few hours. I'm guessing that someone is hoping that one of these names is an actual SQL Server login and is trying a brute-force attack to try to stumble upon a matching password. None of these logins are valid, but it's still disconcerting. Is this anything to be concerned about? I could have the hosting company block the IP addresses, but that seems like a losing battle.
Lastly, I used the Surface Area Configuration tool to allow local and remote connections, using TCP/IP only--so that I could begin interacting with this SQL Server from my PC, using both SQL Server Management Studio and my own Visual Studio code. For each method, I'm using the obscure SQL Server login that I created earlier--the one with the extremely long and complex password. How (un)secure is my traffic to/from this SQL Server? I don't believe that my credentials are encrypted, but I'm not sure how much of a risk this is nor do I know how else to more securely connect to SQL Server.
Given these circumstances, is there any way to make this resource more secure? Thanks!
May 8, 2007
Hi guys
I'm writing a C# application which connects to a local SQL database for data access. The application connects to SQL Server through windows authentication, but opens up the port and sqlbrowser to others on the network wanting to access the database through SQL Server authentication, and also allows remote users to connect to this server remotely if they have the login and password (and because the port is already open)
I understand this is not secure and open to attack, and am unsure of how to secure these processes without blocking these three types of access, from A.) the local user, B.) the network user and C.) the remote user across the net.
Have researched this a fair bit, but get somewhat lost amongst all the jargon.
Nov 23, 2005
Can anyone help - my full text catalog on a remote shared SQL server has died and I need to recreate it completely - I have done this before but I've lost the code to do it. If I remember right what I did was use start --> run --> to run an exe in the mssql folder that connected to the remote server - but I've lost all the parameters I needed for it. Any help much appreciated
Mar 29, 2007
Hi,
I want to back up and/or have a local copy of my DB which is on a shared host. I have an IP address and user/pwd, but I am at a loss to find any help for the steps to accomplish this in Management Express.
Am I using the right tool?
Jul 18, 2006
Dear all,
I now have 2 server, say serverA and serverB. ServerA has a SQL server and I am using a command in the SQL server to access the serverB. The command is:
declare @command varchar(500)
set @command = 'mkdir ' + '"\\serverB\abc\kevin_wong123"
exit'
exec master.dbo.XYRunProc
'cmd.exe',
'c:',
@command
where abc is a shared folder in serverB which can be accessed by serverA. However the output of this execution is "c:\> mkdir "\\serverB\abc\kevin_wong123" Access is denied". It is possible to do this in command prompt. Does anyone know what's the problem of this?
Thank you very much!!
Kevin
Mar 10, 2004
Hello all,
An ASP.NET website hosting service allows the use of Enterprise Manager to manage the backend database of a hosted ASP.NET website. This is not done across a VPN and I don't think it could be done on SSL so the question is: How secure is that? Would this be OK for learning but not Ecommerce? Or is it an encrypted session and am I paranoid?
-Thanks
Heywade
Nov 3, 2006
Hello, everyone:
I want to write a query to check a remote shared drive. The shared drive is mapped as T drive in my local. I run the statement,
EXEC master.. xp_cmdshell 'DIR C:'
It works. If I change to T drive like,
EXEC master.. xp_cmdshell 'DIR T:'
It doesn't work and returns,
"The system cannot find the path specified."
But I run DIR T: in DOS prompt, it works.
Any help will be greatly appreciated.
Thanks a lot.
ZYT
Apr 16, 2001
One of my clients is upgrading to Sql 2000. I currently administer her server using a SQL 7 interface but I will need to upgrade that interface to sql 8 now to be able to give her the same level of support. How do I go about installing the required clients on my desktop in such a way as to not interfere with my own installation of MSDE?
I use Windows NT workstation 4. If I have a choice do I install developer's edition of SQL2000 or personal edition?
We also have pcanywhere access but this is too slow and unsure for my money.
Thank you,
Bo Graham
May 15, 2006
Hi,
I have installed an ASP.NET 2.0 application which uses a SQL Server Express database file on a client's network. I am able to connect to my client's network remotely over the internet. I would like to know if there's a way - and if so, how - to manage the Database file remotely.
I have VWD Express, SQL Server Manager Studio Express and a trial version of SQL Server 2005 on my development machine.
Thanks very much.
Regards
Gary
Jul 20, 2005
As a Sys Admin, I was wondering - if I have admin rights to a Win2k machine that is hosting SQL Server 2000, do I have the ability using any command-line tools such as OSQL or ISQL to add, delete, or change accounts registered in SQL Server for the various databases if I don't have access to a specific account within SQL Server?
I ask, because the question that came up was - what if we have a DBA leave under less than amicable circumstances? Could I, someone who has admin rights on the machine, be able to log into that machine remotely and somehow via command line (I don't maintain active SQL clients centrally), change the SA password, remove an account, and/or add an account with sysadmin rights, etc?
Thanks in advance for any help -
Apr 7, 2006
How does one access a remote SQL Server from the web browser?
Thanks,
-Conrad
Jun 20, 2007
Dear All,
I am trying to connect to a remote SQL Server 2005. So I have installed the Microsoft SQL Server Management Studio Express. When I try to connect I get the error below.
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53). Can someone please help. I have even port no 1533 on my pc. Thanks.
Aug 28, 2006
Can I connect to a remote SQL 2005 server through SQL Server Management Studio Express? I always get an error code 18456 when I try to connect to SQL 2005 server through SQL Server Management Studio Express. I'm sure I enter the correct username and password!
Sep 9, 2015
I have a package that needs to copy a file from a remote server using a path like \\ipaddress\sharedfolder. Now, inside of Microsoft data tools, everything runs fine, because I access those folders on the Windows session and enter my credentials. However, how do I set up the package to use my credentials on the remote server?
Without it, I got the error "Executed as user: NT Service\SQLAgent$RETAIL_PRO", and this user does not exist on the remote server, so got access denied error.
Apr 18, 2000
Hello!
My login is dbo for a database located at a remote server (SQL Server 7.0). Can I run the stored procedures of that database by accessing remotely? Also I have to manage that database from here; what limitations will I have if I am not an SA for that server? Any help is appreciated. I am operating from NT Workstation 4.0.
Aug 31, 2006
Hi All
How to insert and delete records from a table in the remote database?
I want it to be done through a tool that uses LDAP servers.
I want tools for the LDAP.
Thank you in advance
Regards
Sunil
aboutknowledge@gmail.com
Feb 20, 2006
I am not able to connect my local SQL Server Management Studio to a remote server hosting our Integration Services. I get the infamous "Access Denied". I have walked through Kirk Haselden's howto at:
http://www.sqljunkies.com/WebLog/knight_reign/archive/2006/01/05/17769.aspx
but the problem persists.
Thanks for any help.
Keehan
Nov 11, 2005
Hi,
This is my 1st time on this forum. I need to keep my DB secure on SQL Server, so that nobody can enter into my DB and couldn't see my tables and other elements of the DB.
Regards
AHK
Feb 20, 2004
When I'm getting data from sqlserver using ado.net and a sqldataadapter, are the resultant network traffic packets secure? If I wanted to deploy my objects at a remote site, would I still be safe going straight to my sql server from there or should I build a web service and then auto generate 'remote' versions of my objects that will then communicate to the web service on https?
thanks
pat
Apr 18, 2007
Is it secure setting FTP on the server so that I can use this FTP task in SSIS?
I want to get some files located on the server to my machine.
right now it does not work.
Is it safe setting ftp on the server???????
Sep 25, 2007
Greetings all,
Please allow me to describe my setup briefly and then I will jump into my problem/questions. I am trying to setup a shared hosting/DB type environment in a secure manner. I have two Windows Server 2003 boxes where Machine 1 is the DB server (MS SQL Server 2005) and Machine 2 is the web server (IIS 6.0). The web server may ultimately have 5-6 different customers (web applications/domains) on it.
In order to keep an exploit/poor code in one customer's application from accessing the files of another, the server is being set up so each website instance runs with a different low-privileged domain account (in Domain Guests). For example, for Website 1, the Directory Security will be set up so it runs with DOMAIN\IUSR_website1 and for Website 2, the Directory Security will be set up so it runs as DOMAIN\IUSR_website2. Both of these accounts are in the Domain Guests group and no other groups. This was chosen so that the DB used by each website on the SQL Server could have read/write permissions granted to the appropriate user. On the web server the SYSTEM DSN is set up to access each database. This way if there is a DB set up with permissions for IUSR_website1 and it gets called by IUSR_website2, access will be denied. If I ran each website instance as the same user, they could in theory still call this DSN and access someone else's database.
Now here is the problem I get. First, the website access works just fine with it set up as the Domain Guest user account. However, when I go to call the System DSN for DB access I get this error:
---------
Microsoft OLE DB Provider for ODBC Drivers error '80040e4d'
[Microsoft][SQL Native Client][SQL Server]Login failed for user ''. The user is not associated with a trusted SQL Server connection.
/login.asp, line 7
--------
Line 7 of login.asp is as follows:
objConn.Open "DSN=DSN_CTO_SQL"
--------
So it appears there is something that is failing here. For troubleshooting purposes I have taken that IUSR_website1 account and placed it into the Domain Users group instead of Domain Guests. This fixes the problem. However, it's not the most secure setup to run the web/SQL stuff as a Domain User. Any ideas on why it works fine if the account is in Domain Users but not with Domain Guests? I even went to the registry key for HKLM\Software\ODBC and gave DOMAIN\IUSER_website1 specific read permissions. This did not fix the problem.
Can anyone make a suggestion or know what the issue is? How are people running secure IIS 6.0 + SQL Server setups for shared environments?
Thanks
Steven
Jan 24, 2007
I have some doubts about securing my MS SQL Server 2005 Reporting Services project. Currently I have secured it using Windows authentication mode. Now my problem is how to authenticate the users using forms authentication and a custom authentication method, and how do I implement the access rights for the users (authorize the users)? Any idea? Has anybody got any sample code or article? Thanks, regards, sujithf
May 1, 2007
We currently have a few reports running on a external website. The users have to log in to the website using their Domain Username and Password. Our network admin wants to move from simply http, to a secure https protocol.
My question is: Are there any considerations for making this move? ...Will it break my reports?
Aug 14, 2007
Hi,
I am trying to deploy reports to my secure report server. When I attempt to deploy it's not authenticating me and I get an error:
TITLE: Microsoft Report Designer
------------------------------
A connection could not be made to the report server https://reports.******.com/ReportServer.
------------------------------
ADDITIONAL INFORMATION:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. (System.Web.Services)
------------------------------
The remote certificate is invalid according to the validation procedure. (System)
------------------------------
BUTTONS:
OK
------------------------------
I have checked my certificate and it looks okay.
Thanks,
Darren
May 17, 2006
my package requires a send mail task and i must use a secure non-windows smtp server. can someone please tell me how to configure the smtp connection manager so i can do this? thanks.
Aug 25, 2006
Hello,
My question is about allowing and securing connections to SQL Server 2000 over the internet. The company that I work for has an application server that several of our clients connect to via the internet using secure .NET remoting. Basically, the clients have a desktop application that they run that creates a remoting connection to our server software and we handle the server/database part. Anyway, one of our clients now wants to use Crystal Reports to run ad hoc queries on their data that is hosted on our SQL 2000 database server behind our firewall. Obviously, opening up a port in our firewall and allowing someone to run ad hoc queries on the database makes us all more than a little nervous about security.
Has anyone else here had to deal with this sort of situation before? We'd like to set up a secure, encrypted connection for this one client, but still keep it locked down for everyone else. Is it as simple as enabling encryption and generating SSL certificates for the client machine and our server? I've only been able to find a few resources that help with bits and pieces of the problem, never anything tackling the issue as a whole. If anyone has any thoughts, experiences, links, etc. to share it would be greatly appreciated. We are a small company and no one here has experience with this sort of thing.
Cheers!
Justin
Dec 5, 2005
Using SSIS to send file to FTP server...
Apr 5, 2007
I have recently installed the SQL Server Management Studio Express but I do not find Management Tools in order to create scheduled backups and shrinking of the databases. I was under the impression that this should be included in the Management Studio. I use the SQL 2005 Express for smaller customers who run the SQL on a desktop unit. I need a way to backup the data to a server machine for backup purposes. I have uninstalled and reinstalled to no avail.
Mar 21, 2007
Hi all,
I am developing an application for a big office which uses SQL Server 2000.
Apart from my database, on that server, there are two databases by other companies.
The administrator also has access to server but the client only wants him to backup the database.
I have two questions:
1) First of all (if it is possible) I would like to protect my own database from the other companies.
I don't want them to:
see the data in the tables (around 20 tables)
make changes to the stored procedures (more than 100 stored procedures)
be able to backup the database
2) The client will save sensitive data to the database (mainly currency amounts, salaries etc) which he wants to keep hidden.
I am using float type for these fields and I would like to make the data encrypted. I could do it for nvarchar fields but changing these float to nvarchar would be time consuming.
Thanks for your patience reading this!
Would really appreciate some help on any of these
Nicolas
Jan 14, 2015
I am a bit stumped by error generated when attempting to connect to the report url.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The only thing I can think of is a certificate is issued to the server (all domain devices) via group policy by cert authority running on the domain.
If I check the bindings within Report Services Configuration Manager the certificate is referenced.
I have tried removing 443 but I am still unable to connect.
A neutron walks into a bar. "I'd like a beer" he says. The bartender promptly serves up a beer. "How much will that be?" asks the neutron. "For you?" replies the bartender, "no charge."
Apr 11, 2013
I have an issue with the SMTP server "send mail task". We see the following error: [Send Mail Task] Error: An error occurred with the following error message: "The SMTP server requires a secure connection or the client was not authenticated." In the SMTP connection manager, what should we give in SMTP SERVER if we use Gmail IDs in the send mail task editor?
Jun 2, 2015
- When I disable "allow remote connections to this server" from server properties>connection page, I can still remotely connect to the server from SSMS...so what is the impact of enable/disabling it?
- what is the impact of changing the remote query timeout (on the same page) from default value?