I am using mixed security on the SQL server and have an NT group 'NT_GROUP'.
The login for 'NT_GROUP' has been added to SQL server and has been explicitly granted access to only one database.
Using access database project (ADP), a user in the group is able to gain access to other databases (master, tempdb, msdb, etc.) as well.
It is very important to be able to prevent this access.
Thanks in advance for your help.
Hi €“
We have built a .NET on SQL Server application with extensive business functionality and security. It uses SQL integrated security to control logon and access to the database objects. There is business logic built into the .NET code, so I don€™t want any chance that users access the tables directly through a tool such as Management Studio - many users need update, delete, insert on tables in order to use the applications functions. With integrated security they can logon through SQL Management Studio and change data in the tables directly.
How are people who are using integrated security for their business applications preventing logons through unauthorized tools or applications?
Peter
I am trying to deny select,insert,update and delete to multiple tables with the same beginning table names. For example I have 55 tables with the table names beginning with CAL_MM_. Can I use 1 deny statement which will include all 55 tables? How can I use the wildcard? Thanks
View 1 Replies View RelatedI'm attempting to setup the defaco MS security for membership and roles, using a newly created database under SQL 2005 (not express). I created the database using the aspnet_regsql.exe utility and that worked fine. I created my provider connection string logging in as 'sa' wit the proper password. All that seemed to work okay too. However when I attempt to change any of the settings like setting the authentication type or enabling roles, I get the follwing error message: The following message may help in diagnosing the problem: Attempted to perform an unauthorized operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at System.IO.File.SetAccessControl(String path, FileSecurity fileSecurity) at System.Configuration.Internal.WriteFileContext.DuplicateTemplateAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.DuplicateFileAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.Complete(String filename, Boolean success) at System.Configuration.Internal.InternalConfigHost.StaticWriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.Internal.DelegatingConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.UpdateConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.MgmtConfigurationRecord.SaveAs(String filename, ConfigurationSaveMode saveMode, Boolean forceUpdateAll) at System.Configuration.Configuration.SaveAsImpl(String filename, ConfigurationSaveMode saveMode, Boolean forceSaveAll) at System.Configuration.Configuration.Save(ConfigurationSaveMode saveMode) at System.Web.Administration.WebAdminPage.SaveConfig(Configuration config) at ASP.security_setupauthentication_aspx.UpdateAndReturnToPreviousPage(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Anyone have any clue why this is happening? Do I need to add something to the database as far as users/roles go? I figured 'sa' would have free roam, but something permission-wise just isn't jiving.
View 2 Replies View RelatedI am looking for something that can detect unauthorized access to our databases. Something that can be used in a 10+ sql server environment.
I receive the following error when i call report server web service from an asp.net application:
"The request failed with HTTP status 401: Unauthorized."
Here are the IIS logs on the reporting services server. When i open IE and browse to the web service i provide my user credentials and i can access the web service just fine. However when i call the web service via my asp.net application it looks like my credentials are not being passed??
Browsing web services via internet explorer.
2008-02-11 21:26:13 W3SVC1836052065 HQSQLDEV1 10.69.21.140 GET /Reports/images/16fold.gif - 8080 triwestdbloom 10.69.21.140 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+WOW64;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322) 10.69.21.140:8080 200 0 0 15
Call from ASP.NET App
2008-02-11 21:26:13 W3SVC1836052065 HQSQLDEV1 10.69.21.140 GET /Reports/images/16fold.gif - 8080 - 10.69.21.140 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+WOW64;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322) 10.69.21.140:8080 401 1 0 0
Here is my code:
RSWebService.ReportingService rs = new RSWebService.ReportingService();
rs.Credentials = new System.Net.NetworkCredential(@"triwestdbloom",
"blah", "triwest");
//rs.PreAuthenticate = true;
//Get all folders
RSWebService.CatalogItem[] allItems = rs.ListChildren("/", false);
//Get only folders not hidden to the user.
List<RSWebService.CatalogItem> visibleItems = new List<RSWebService.CatalogItem>();
foreach (RSWebService.CatalogItem item in allItems)
{
Response.Write(item.Name.ToString());
}
Any ideas?
I am using .net 2005 as front end and Sql Server 2005 as backend, as i face the problem on client side when i installed my software it works properly but after some time i face this error "HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Internet Information Services (IIS)" Also some time it shows me all records. Some time it disconnect the database connection so i can not understand why it happens like this, if somebody know then please help me out this bug.
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies View RelatedOk. I tried this in the other part of the forum and i had about 100 views but no help, and no point in the right direction so i figured i would try here. PLEASE admins if this is the wrong forum for it, please move/direct me to the right one so i can get help. This is very frustrating
Im using Visual Studio 2008. I have the Sql server express that is install with the Visual Studio 2008. I created a new website, created a new database under app_data. Try to create a Database Diagram after making 2 tables and this is what happens.
"This database does not have a valid dbo user or you do not have permissions to impersonate the dbo user, so database diagramming is not available. Do you want to make yourself the dbo of this database in order to use database diagramming?" (Yes, No, Help) so i click yes
i get "This server does not have one or more of the database objects required to use database diagramming. Do you wish to create them?" (Yes, No, Help) i click yes (Mind you i am running visual studio 2008 as an administrator.
I get the error message. "Could not obtain information about Windows NT group/user 'BCOMPUTEROwner', error code 0x534.
My operating system is Windows Vista Business.
Please any help, point in the right direction. It would be greatly appreciated. Thank you
Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?
View 7 Replies View RelatedHow do I grant admin access to a windows account withou having them a part of the administrators group...
I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?
Thanks
Chris
I need a simple way of capturing who updated what in an Access database.
User wants to know for each field in each table.
I think it's to much for Access to handle.
Any ideas?
A.
I'm creating an app that will connect to a central sql server 2005 (hosted on a Win2003 server with Windows Firewall on). I added sqlservr.exe and sqlbrowser.exe to the firewall exceptions to allow for remote connections. Now, an admin I know is telling me that this is not secure and we must configure those 2 exe's to only be accessed by certain IP addresses. I want to make sure the database is very secure, but this sounds like overkill. ??
Questions:
Is this necessary (to limit access to these 2 exe's to certain IP addresses)?
How would I be able to distribute my application to different users if this is so?
How can I make sure that the SQL Server won't get "attacked" or "hacked"?
Mel
Hi,
Im developing an application in Visual Web Developer with an MS SQL Server Database.
I have Visual Web Developer Express edition installed on my machine and i had MS SQL Server 2005 Express Edition and everything was fine.
However i need to use SQL Server Agent to develop a job and this is not included in the express Edition of Ms SQL Server 2005 Express Edition.
So i installed the 2005 developer edition of MS SQL Server.
Now Im currently getting the following error when i access the security page in the ASP.Net Configuration page
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
Anyone tell me how i can fix this error?
What kind of permissions do you need to be able to run a job created by another user or sa if you are not the job owner and don't have any sys admin priveldges??
View 1 Replies View RelatedDoes anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.
Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.
We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).
Any help would be really appreciated.
Thanks
Is there a way to implement Access-like password protection on a SQL Server Express dataset?
The database will be deployed on individual's PCs with no centralization of control. I want to restrict users from being able to see table definitions, stored procedures, etc. Access-like password protection is what I want, but I don't see any similar feature within SQL Server Express. Am I missing something?
Is anyone familiar with how to enable remote access to SQL Server 2000? ...and what are you security issues surrounding this?
Any help appreciated.
Adamus
Ok, I know it's a really basic question but I'm hoping someone will humor me. Not being a database expert I am wondering what the basic security differences are between a SQL server db and an Access db. What makes SQL a more secure choice for confidential information over Access.
I know from a useability SQL is the better choice being a multiuser access platform but I am not familar with security mechanisms employed.
I appreciate any info on this.
Thank you.
I installed SQLE 2005 on vista home prem, and when I go to the studio and attempt to create a database, I get the message below. I am running under an admin account, but the system sees me as a standard user.
Do I need to re-install and tell the system to allow me to log on via. an ID/PW?
Is there a vista patch?
Should I re-install XP?
Also, not having this issue with the same SQLE version and an XP machine.
Thanks
TITLE: Microsoft SQL Server Management Studio Express------------------------------Create failed for Database 'test'. (Microsoft.SqlServer.Express.Smo)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Database&LinkId=20476------------------------------ADDITIONAL INFORMATION:An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)------------------------------CREATE DATABASE permission denied in database 'master'. (Microsoft SQL Server, Error: 262)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.3042&EvtSrc=MSSQLServer&EvtID=262&LinkId=20476------------------------------
I get the following error message when i click the Security tab on my websites' Administration tool. All the other tabs are working properly.
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store. The following message may help in diagnosing the problem: An error occurred during the execution of the SQL file 'InstallCommon.sql'. The SQL error number is 1802 and the SqlException message is: CREATE DATABASE failed. Some file names listed could not be created. Check related errors. Cannot create file 'C:SAFETYDATABASEAPP_DATAASPNETDB_TMP.MDF' because it already exists. Change the file path or the file name, and retry the operation. Creating the ASPNETDB_652db56c1d7d4c9f94da67107d9c917a database...
Any help is appreciated.
Hi, this is my first post (hopefully of many) on this board. Just wanted to say a quick hello before I dive into my question. :)
As the title suggested, I have to develop a MS Access form app (yes, it has to be Access - I know it sucks) that will post and query data to and from a remote SQL Server db. While I have no problem linking the two through the default ODBC drivers, my question is security. Some (actually most all) of the data being passed back and forth is sensative information, and I would like to know the best way to keep it safe.
If anybody has any suggestions, instructions, or can redirect me to a good FAQ site on the subject, I would be most appreciative. I have already done a search on these forums for an answer, but have sadly come up short.
Thanks to all in advance!
I am getting the following message when trying to connect to a database (from an external application) that I have recently restored using my profile (Windows Authentication):
Connection failed:
SQLState: '01S00'
SQL Server Error: 0
[Microsoft][SQL Server Native Client 11.0]Invalid connection string attribute
Connection failed:
SQLState: '08004'
SQL Server Error: 4060
Server rejected the connection; Access to selected database has been denied
Connection failed:
SQLState: '28000'
SQL Server Error: 18456
[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'xxxxaaaa'.
My profile (replaced with xxxxaaaa) has full access to the server and I can connect to every other database with no issues. I get exactly the same error if I try and connect using the SQL Authentication "sa" profile as well.
I want to Access External resources inside the CLR Code... But I am getting Security Exception
I have marked Assembly with External Access... here is the way I am doing..
I read articles and MSDN .. everywhere is written to use impersonation like
using (WindowsIdentity id = SqlContext.WindowsIdentity)
{
WindowsImpersonationContext c = id.Impersonate();
//perform operations with external resources and then undo
c.Undo();
}
In above case .. I tried both Windows Authentications and SQL Authentications ...
In case of Windows.. I am have a domain login to logon to my pc, while sql server is at another machine and Active directory is at different machine .. when connect to Database .. it says cannot find user Domainnameuser
and the SqlContext.WindowsIdentity is always null or it has exception User.Toked thew Security exception.
After that .. I tried to user custome Identity .. using IIdentity =GenericIdentity("UserName","Windows");
But there is now difference .. still same exception .. as given below..
[Microsoft.SqlServer.Server.SqlProcedure]
public static void MyProcedure()
{
Process[] p = Process.GetProcessesByName("YPager"); //Yahoo messanger exe .. a process
p[0].kill();
}
A .NET Framework error occurred during execution of user defined routine or aggregate 'MyProcedure': System.Security.SecurityException: Request failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm, SecurityAction action)
at DatFileGenerator.StoredProcedures.'MyProcedure'()
.
No rows affected.
(0 row(s) returned)
@RETURN_VALUE =
Finished running [dbo].['MyProcedure'].
How could I go ahead... what I should do to accompilsh the task...
Kindlly .. suggestions and ideas..
Thanks,
Muna
We have a situation where we need to restrict access to a sql server data file. That is, to prevent users viewing any tables, stored procedures, etc, in sql server or another tool. We are providing a our database as part of an application install to a customer's site which will run isolated on the customers network. However the application will have sql server logins and the system must still be able to execute stored procedures.
The setup unfortunately cannot be changed and we are trying to think of best implementations for this. Our customers are also working with competitors so we are very conscious about exposing our data structures to anyone outside of our company, hence trying to restrict access. If deployed to a sql instance on the customer site then they will have database administrator accounts on the server.
All:
I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.
Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.
Thanks,
Blue.
If I am posting to the wrong forum, please point me in the right direction.
We have upgraded to SQL Server 2005 and Window 2003 from SQL Server 2000 and Windows 2000, and have been having all kinds of problems with security of our web applications. We have been forced to put the system account of the web server as a user in the database in order for the web applications to work. We have lost the ability to control security at the user/role level. Is this the way security is going to work in Windows 2003/SQL Server 2005? How do I use integrated security so that I can secure web pages and database objects?
Thanks