Securing A Database When The User Logs Onto The SQL Server.
Oct 4, 2007
Hello.
Not an SQL admin. We have an SQL 2005 server that has about 5 DB's on it. One database is maintained primarily by a third party. Often when they need to do upgrades they login remotely to the desktop of our SQL server. Is there a way to apply permissions to specific databases like you would for NTFS? That way they can only backup their database and not do anything to any other databases? Thanks.
Feb 20, 2005
I want to know how I can protect my SQL Server database. SQL Server 2000 does not have Database Encryption feature and using only Authentication is not a fool-proof solution, as far as stand-alone desktop application is concerned.
Does password protection of SQL Server 2000 database really work when you have all types of cracking tools widely available on the net?
Apr 27, 2006
Hello!
I developed database driven .NET application and I need to deploy it. I faced a problem, which is "how to protect my database against direct access". I use MS SQL Server 2005 Express Edition as a DBMS and appropriate database.
I want to make it possible to manipulate data in my database only through my client application.
1. How do I define SA password and instance name in silent mode of MS SQL 2005 EE installation with Mixed type of Authentication?
1.1. Can I change SA password after the installation?
2. If my database is attached to my new instance... Is it possible to copy my database, attach it to another instance and get direct access to its objects?
Is there a solution that makes it impossible to connect to my database on a third party's side directly, without using the client application?
I appreciate any help.
Nov 15, 2005
Is there a way to fire a trigger when a particular user (with sql login) logs into sql server?
We are planning to use the above trigger to start a job which in turn records some inf.
Thanks.
Nov 5, 2015
I am using SQL Server 2012. I want to maintain all types of logs in a particular database or server. I want to track all queries which execute in a particular database, and all other activity?
May 7, 2008
Hello all,
In my co-operation we have a database which users are making changes on it. What I am trying to do is;
I want to store all changes on the database, the user's information logs and I want to store it on a specific table. But I am facing a difficulty to make this.
For example,
if a user makes a change on the database, I want to store what kind of change he/she makes, the time of the process and the user's information (IP address, login id) on another specific table, thus I can store the process logs of my users.
In my testing I can store the user's login_id, user's ip addresses and the login info using
sys.syslogins
sys.dm_exec_connections
sys.dm_exec_sessions
except storing the requested queries and the changes of the processes. Is it possible to store logs of the users? How can I do that?
I would appreciate your help.
Regards,
Jun 7, 2006
Rayd Abdou writes "hi all, i have an SQL server at my home and i think i got hacked from it :( and i really want to know what to do to secure the SQL Server from, disable permissions ?
what commands ?
Thanks for helping me..
Rayd."
Apr 18, 2007
Hi all,
I have been given a task of securing an SQL server 2005 that is currently open to SQL injection attacks. I have identified 3 main areas that I need to secure, these being:
1. Different SQL server logins - currently all database work from the site is performed using the sa account (don't ask me why they've left it so open to attack, I've not long started here!)
2. Custom error pages - to reduce feedback to a potential attacker on the database structure
3. Query Validation - any dynamically generated queries will be passed through a validator in order to possibly strip out any commands that we identify as those that an attacker would attempt to pass via the url.
Obviously, point number one is the big one. Based on this, my question is, what are the series of steps I would need to go through in order to;
a) setup a user login that has read access to many of the database tables (and execute access to some of them)
b) setup a user login that has read/write/update/execute access to other tables and stored procedures
I have read a lot about schemas, but I haven't had that many dealings with SQL server 2005 (yet), and haven't been able to find a step-by-step guide to setting up a schema/users and assigning permissions to them.
If someone could point me in the right direction of an "idiots guide to", that would be great, or if there's anyone that could list the steps I need to perform, that would be even better.
Also, if anyone has any other suggestions about how I could secure the server, I am all ears.
Thanks in advance,
Paul
Mar 18, 2008
Hi all,
What is the best way to keep the data secure in my SQL Server 2005? and what is the best way to secure the communication between the client application and SQL Server 2005?
Thanks,
Shyam
Sep 27, 2007
I have what some might consider a dumb question but I really don't know the answer.
Until recently all our .Net work has been hosted on our internal network and the Sql Server (2000) was not open to the outside. However recently our company is looking at hosting other outside SQL Server applications that require users across the country to connect directly to our SQL Server (not through an ASP.Net app).
The concern we have is that ASP.Net runs on the NETWORK SERVICE account. If a user outside our network were to know the IP and name of one of our databases could they connect with ASP.Net using a Trusted Connection or do trusted connections only work if the application is hosted on the same network?
One of the applications we are looking at hosting is showing a list of all databases on our server (I did find the article on modifying sp_MSdbuseraccess but that didn't seem to work) so if someone got a hold of this list would they be able to connect?
Thanks
Mar 9, 1999
Hi all,
Does anyone know where to find any articles/information on how to Secure Microsoft SQL 6.5 Server, apart from SQL online books?
Panchal
Jun 13, 2008
Hi there,
I was wondering if anyone knows how to do it.
We have a couple of servers, each of which hosts tons of databases.
I am trying to write a script to check whoever has logged into any database within the past week, for example (not just the current users). I have tried 'sp_who' and 'sp_who2' but they are not meeting my needs.
Appreciated!!
Aug 28, 2001
When looking at SQL Server error logs, I noticed that the current error
log had grown to 1MB whereas most of the files are only a few KB.
QUESTION 1: Can I set the max size for an error log file? If so, how?
QUESTION 2: If not, is there a workaround?
Thanks
Mar 31, 2008
Hi,
How can we restrict the copying of MDF and Log Files?
Thanks
Avi
Mar 19, 2008
Hello,
I developed a small desktop system using SQL Server 2005 Express as the data backend. The machine that hosts SQL Server 2005 Express, as well as all the workstations that interact with it, belong to the same private LAN segment. All of them have non-public IP addresses from class 192.168.0... which means they're not directly visible from the outside world, despite having internet access through a router that does NAT. As we all know this is the typical scenario for sharing internet access in a small LAN.
Now, my concern is with the security of the host running SQL Server 2005 Express. In particular, what measures do I have to implement to minimize the risk that may come from the public internet ? It's naive to think that because the potential attack surface is NATted behind a router, security is guaranteed and data theft or DoS attacks won't simply happen.
What are the guidelines for securing SQL Server 2005 Express in a scenario like this ?
(Side note: SQL Server 2005 Express is running on Windows XP Pro)
Thanks.
Fernando
Jun 7, 2000
Hello,
We are currently live with a CRM solution (Siebel) that uses SQL Server 6.5 as the back end. All is fine and dandy, except I have some reservations about security.
Quite simply, it is possible for anyone to open up MS Access and link to any of the SQL Server database tables via the ODBC DSN used by the Siebel front end. This DSN is necessary for Siebel to function.
I am a bit worried that someone (out of incompetence or spite) might do just that and cause some serious damage. It's probably technically beyond the large proportion of our users (especially those that could make mistakes!), but I can't get the nagging fear out of my head.
Does anyone know of any way to combat this problem? I have scoured the web, including this site, and can't seem to get any information on this.
Thanks and Regards
Dike
Nov 22, 2007
i'm using the Enterprise library logger to write logs into a database.
When choosing connection string i choose the database i want in the "connection properties" dialog box and
push 'Test connection' button.
everything goes well.
then i open the SQL Server Management studio express and connect to the database to check some things,
from that point on , when i push the 'Test Connection' button in the Enterprise library i get the error:
"cannot open user default database. Login failed. login failed for user My'server/MyuserName'"
even when i close the sql server manager , it is still stuck - the connection test doesn't work anymore....
it only work when i restart the computer.
why ?
May 22, 2008
Hi,
Please give the T-SQL script for this ? Thanks
Shanth
Aug 6, 2015
OS: Windows 2012 Enterprise
SQL Server: 2012 Enterprise
I was wondering if there is any way all SQL Server error log entries could be automatically written to Windows Event Log.
Jul 20, 2005
Hi Gurus,
i am having problems with restoring a ms sql database.
i have restored the database using veritas to a different location ('g:datafiles') in no recover mode.
when i view the database through the Enterprise Manager, it shows the database as silver icon (loading).
i go to sql analyzer, and put in the restore command
restore log myDatabase
from 'mylog'
with recovery
this produces an error
RESTORE FILELISTONLY
FROM jobs
Server: Msg 3206, Level 16, State 1, Line 1
No entry in sysdevices for backup device 'mylog'. Update sysdevices and rerun statement.
i look in master..sysdevices - no entry for mylog, but then no entries for the log files for any of the other perfectly working databases either.
i do have a copy of the log files ('c:logfiles') in another location
i would like the following help if possible:
* a way to update sysdevices with the log file i wish to apply to my restored database so it will let my restore go through properly.
* a way to specify to use apply the logs in 'c:logfiles' without having to give the restore statement a logical name for the log files (which naturally won't be in sysdevices!)
pls supply transact sql
my thanks
Edwina63
(if wish to email please remove h from edwinah@)
p.s sp_add_log_file_recover_suspect_db will not work in a partially restored database
Feb 6, 2008
I have a set of disks allocated for a high performance SQL implementation that will entail lots of large queries. My question is do I allocate more IOPS to the logs or to the database?
For example, if I have a 10 disk RAID 1/0 and a 4 disk RAID 1/0 available, which do I allocate to the logs and which do I allocate to the database? Which will require the most IOPS?
Thanks!
Feb 12, 2007
Hi,
In my case I have to log the errors raised by any task in a package to either windows event log, text file or SQL server. Also I need to send an email notifications to a group of people telling them about the error.
Now can I use SSIS package logging for logging the errors into the required destinations. I mean right clicking on the package and selecting Logging, then adding the required log providers and enabling the events for logging into those. I think I have to upfront select the log providers to log the error, I will not have the liberty to log the error to the destination, the name of which is passed as a variable to the package. This is okay with me though.
Now what will a custom log provider help me to do in this case. Also can I somehow configure my package to call the send mail task every time an error is raised.
Also, one more option can be developing a package that only does the error handling. It will take in the parameters or the error codes and descriptions, the destination to write to and a flag to send mail or not for that particular type of error.
What do you think? Kindly advise.
Thanks in advance for your help and time.
Regards,
$wapnil
Dec 7, 2006
This is my first time to deploy an asp.net2 web site. Everything is working fine on my local computer but when i published the web site on a remote computer i get the error "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed" (only in pages that try to access the database)
Help pleaseee
Aug 26, 2004
Hi,
I've got a situation where one of our sql databases appears to be frequently "starting". The log entry looks like:
Starting up database 'Database'.
And seems to occur at irregular intervals and does not seem to be inline with any other db activity....i.e. transaction log backups, insertions or reads.
This DB is fairly busy receiving inserts from our PBX CTI software almost constantly.
Note this is the only DB on the server displaying this behaviour (we've got two named instances running with several databases in each).
Any help / pointers appreciated.
Rgds,
SLE
Jul 12, 2007
Hi,
I need to write a reporting app that process daily IIS logs that are averaging about 299MB a day!
I am considering using SSIS to put the log data into a sql server 2005 database.
Has anyone done this? Or does anyone know if it is possible? And without using the MS LogParser?
Thanks in advance and any help greatly appreciated!
Regards,
kitquo2.
Feb 3, 2004
I have a Development database and I want to roll it back to Monday morning. I backed up the database and used the command:
RESTORE DATABASE ITTEST
FROM ITTEST20040203
WITH NORECOVERY
GO
RESTORE LOG MyNwind
FROM ITTEST20040203
WITH RECOVERY, STOPAT = 'FEBRUARY 2, 2004 09:00 AM'
GO
The transaction logs have never been truncated.
But it does not seem to have worked. Is this the best way to roll back the database or have I missed out something?
thanks.
Jul 20, 2005
Is there an easy way to monitor (audit) who logs onto a database ??
Thanks for any and all help that is provided.
Art
Jul 12, 2007
I have a Db that is 1.7 gigs. The table data takes approximately 200megs. The transaction logs were truncated. Where else can this large size be coming from and how can I confirm?
DB is generally small. ~25 tables, 100 SPs, 10 views, etc.
Note:
I have 4 queues using SQL Notifications, but when selecting from them results in no data.
Thanks
Scott
Feb 21, 2008
Hi guys, just wanna ask about the backup and restore database method. What's the best way for database and restore which able to view all the transaction logs after the database being restored. Currently I backup my database daily for recovery purposes. However, if I restore the backup file at another server and use SQL log application for viewing the prefer database's transaction log, it shows all the previous log had been truncated.
Therefore, I want to know is there any way that able to get the transaction logs after restore from a database backup file? Hope able to get any assistance here as soon as possible. Thank you.
Best Regards,
Hans
Feb 1, 2007
Hi,
I have a database created in server 2000, and now I have moved it to server 2005.
All works do fine, but there is a user which cannot be removed.
In the user properties window, the assigned schema is empty. The user is a db_owner of the database. When I was trying to update the user, it asked me for the login. The login is empty, but the field is disabled.
So my question is, how to remove this user?
Thank you.
Jensan
Dec 11, 2007
Hi, I am using ASP.Net 2005 with C# language and SQL SERVER 2005...
I am developing a web-based application and have to deploy it on server.
I need to prevent my site from the SQL Injection and have to use some algorithms.
What is the best technique or method (Algorithm) in .Net ?
Give some measures to prevent from Hackers.
Jun 23, 2005
We are looking for a way to tightly secure the database of a product
being developed in MSDE 2k & C# so that even the db design
cannot be viewed or data retrieved through any migration tools.
The NetLib database security tool perfectly matches our requirement but
is overpriced. Any suggestions on the next best alternative?
Jan 16, 2001
Hi All,
I am currently creating a SQLServer 7 server. This server will be used to host customer databases that I will restore on to the server. However, I want to prevent these customers accessing any other databases on the server, apart from their own. By removing the public database role from each customer database, and granting them very limited rights (basically exec rights on their own Stored Procs) on their own db, I plan to limit them to their own db. However, my problem is this:
As you cannot remove the public role from the master db, a user could easily exec the following in a stored proc to read from the master:
Select * from master..sysusers
How do I prevent the users from accessing the master in this fashion?
Will removing every permission from the public role in master be enough?
Will removing every permission from the public role in master have any other side effects?
Will removing the public role from other user dbs be enough to secure them?
Any suggestions/pointers would be appreciated.
Gary.