sql server 2000
windows 2000
authentication is through the db (not windows).
I am attempting to limit access to one of our production sql server databases. I want to ensure that only application users can connect to the db, i.e they connect to the application and the application connects to the database (database access is transparent to them). The app uses a common login account.
I would like to prevent users from connecting to the db using ad hoc query tools or other EDIs (toad for sql server, ...). Currently there is nothing stopping them from doing so using the application acct/pwd.
I am contemplating writing a trigger that checks for the program that the user is using and if the program is not recognized, kill the session. Is this the right approach or is/are there any "out of the box" utilities that will do this for me?
FYI. the acct/pwd that the app uses to access the db is well known to users.
i am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
I am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
Role Loans Payments Transactions Accounts Customer Emplo Database Admin SUID SUID SUID SUID SUID SUID Branch Manager SUI SUI SUI SUI SUI SUI Internal Auditor S S S S S S Loan Officer SUID SUI SUI S S Tellers S S S S SU Customers U
I am developing an application that uses Access database (mdb file) to store the user data. The user of this application is not interested in the database file (to view in MS Access Environment). Does the user machine requires MS Access installation to run my application or just some couple of dlls (OleDB driver, Access DB Engine,..) should be enough to run my application?
Hi, Can anyone tell me how i can access an application or open tables in MS sql server that are in MS Access. Its urgent and any help will be appriaciated.
I'd like to create a relationship between two tables in sql server 2005, where a User can be a Partner and a Partner must be a User. So it 0-1 and 1-1. How do I enforce this relationship?
I will also be creating a view from this, will there be any problems when inserting data into the view?
I might aswell add that I'm actually working on asp.net's new membership and roles, so I don't want to change the default tables.
I have a reporting services application that needs to run reporting services without a user context. However, it will not pass the SSL check. I am using a self-signed certificate that is in the trusted certificates store. What I would really like to do is run reporting services without enforcing SSL (just not allow port 80 connections from the firewalll for security) and merely allow SSL connections when they come in so that any local programs can use reporting services without the need for SSL. As far as I know, Reporting Services (ISAPI filter?) is somehow checking the http headers and not allowing, at least an anonymous, a connection *unless* SSL is forced (WHY?). If my app redirects using the https://FQDN or http://localhost to reporting services it fails the SSL check.
Is there a way around this or can simply do something with the certificate store, like trusted certificates or publishers, so that my local programs can pass the SSL check?
I am trying to understand constraints and minimum cardinality.
In a relationship between 2 tables, t1 and t2, with a parent to child relationship of
1 to 1 or more how is the minimum cardinality enforced?
If both sides of the relationship require at least one occurrence, how would the insert be done? How can you insert into table t1 when it has a constraint that there must be an occurrence in table t2, or vice versa?
Any help in understanding this is greatly appreciated!
Are there any built-ins, utilities, ... within sql server 2000 that can be used to enforce password complexity in the database. i.e at least 8 characteres, upper and lowercase mix, includes at least on number and one punctuation (underscore,...).
I understand that this requirement can be achieved using windows authentication. Unfortunately we do not have that luxury (at the moment).
Running SQL2005 and on occasion I see durations of 928809 or even 2830562 in the trace for commands that usually run in the 7000 range. Reads are still in the 1200's even during the huge duration spikes. These are calls from ASP.NET ADO.NET and there should be a 30 second timeout on them by default to boot. I see a few other times that we've logged timeouts so I know the timeout is working at times but not at others. Any ideas what's going on both with the strange serious outliers and the fact that these queries aren't timed out properly?
I am experiencing problems with databases for the web application that i am developing. The problem is that I have transferred the database from access to sql which initially seemed to work ok. I am now however struggling to solve the problems with one of my fields titled 'notes'. The trouble is that in the original database the notes field contained different notes from different dates for each record, and each note is separated by carriage returns. It is the carriage returns that are now proving to be a problem in the sql database but i am not sure what to do. Any advice would be appreciated.ThanksDan
Hello all, We have a SQL database that uses a MS Access projectfront-end, which I am now creating an ASP.Net application for (And am completely new to so may be missing some foundation concepts). With the Access project I added Active Directory groups to the database to use for permissions, logins, etc. For the ASP app I have it set to use Forms authentication with Active Directory (ActiveDirectoryMembershipProvider). I can login to the app with the AD usernames/passwords but the connection from ASP.Net to SQL is using the ASP User. Is there a way to provide the authentication from the ActiveDirectoryMembership through to the SQL server, so the user: bobuser would be authenticated to SQL instead of ASPNETUSER?Or do I need to have the ASP.net app handle the permissions of which SP's a user can execute?Any help or suggestions are appreciated.Thanks,Jamie.
I have recently transfered data from MS Access to MS SQL Server 2000 and created user interface in MS Access Project (ADP). Now I need to secure the data on server and want to access it ONLY through interface I created in MS Access. Every user has to log in the application (user id and password). Users may have the same access rights to the server (so maybe just one account or whatever I need for all of them). Can anyone advice me how to set it up? To access sql server from MS Access I am using ADO.
(1) contains a for loop task (in which all the logic is contained) that loops through a particular folder for excel files WITHIN THE FOR LOOP: (2) pulls data from an excel file into SQL Tables(Data Transformation Task) (3) run stored proc to validate data (Execute SQL TASK) (4)ON SUCCESS of executing the SQL Task (Script Task - move file to success or reject folder based on value returned from sproc) (5)ON FAILURE of executing the stored proc (Script Task - move file to bad format failure)
NOTE: I have modified the MaximumErrorcount property of (1 FOR LOOP) and (3 EXECUTE SQL TASK) and the package itself to 0. In order to deal with badly formatted excel files...I do not want the package to stop for every missing tab in excel file or data entry error. I simply want the badly formatted file to be moved to a special folder
PROBLEM: on failure logic is never executed (I have 2 options after step (3)) on success do step (4) on failure do step (5) step (3) fails...then it simply iterates to the next file step 5 is never executed
Is this because I changed the maximumerrorcount property? What am I doing wrong witht he Precendence Logic?
I can't run my web application on remote pc which is connected in flan with my pc.It works on my local pc but it is not working on remote pc. i m geeting an error like as blowAn error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) i have used sql server 2000 for my database but i my getting error for sql server 2005 which i have never used in my web application.Here is the Exception detailsException Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)i have used coonection string as followsData Source=neptune;Initial Catalog=azim;User ID=saso can anyone give me soluion of this problem
I have the below procedure with an output parameter '@rowcount'. Now My issue is how to access the value of '@rowcount' in my ASP.Net application using C#. I have also pasted my C# code which I am using . create procedure mypro1(@id varchar(10),@rowcount int output) as select * from canid where id like @id /* @@ROWCOUNT returns the number of rows that are affected by the last statement. */ select @rowcount=@@rowcount -------------------------------------------------- C# code to retrieve the output parameter valuecmd = new SqlCommand("mypro1", cn); cmd.CommandType = CommandType.StoredProcedure;cmd.Parameters.AddWithValue("@id", TextBox1.Text).Direction=ParameterDirection.Input; Parameter cout = new Parameter("@rowcount",SqlDbType.Int);cout.Direction = ParameterDirection.Output; cmd.Parameters.Add(cout); can some body assist me in the above code whether its right or what needs to be added to get the output parameter value.
Hi, Is there anyway I can impliment this in my application without installing it as a COM. My Web Hoster says they won't install it. The Data Access Application Block
Certain people in our company want to use Crystal Reports for data-processing. Problem is we want them to NOT be able to access data in databases within the live server.
Given that we use trusted connection to validate all kind of data-access, I am wondering if there is a way so that (via NT administration or via some SQL Server security features) the live-server can refuse any connection request from the Crystal Reports application. At the moment the same group of people are allowed access to database (and should remain to be so) on this "live" server via some other applications (e.g. Microsoft Access).
Hi there,I have written an application which uses MS Access for it's database engine.Due to the large size which the database has become I have decided that itwould be sensible to use SQL Server with the application instead.I am an extreme SQL Server newbie so I am not really sure what I'm doingyet! I have successfully downloaded and installed the MS SQLDE 2000 andservice pack 3.What do I need to do next? Ideally I would like to convert the existingAccess database to MS SQL Server format. Also I would like to know if it ispossible to create an SQL Server database from scratch using a guienvironment similar to Access and if so which software (preferably free) doI need to achieve this?Many thanks,Clive.
I have installed the SQL Server 2000 and its up running.
I can connect to the database direct as administrator, but my test application(asp.net 2.0) returns an exception.
SqlConnection sqlConn = new SqlConnection("data source=10.61.90.24;initial catalog=testdb;persist security info=False;user id=sa;pwd=data;Type System Version=SQL Server 2000;");
sqlConn.Open();
I receive this exception: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
I am writing a Windows Application which will be used by about 100 clients. (NT Authenticated)
The application is going to be used in a LAN enviroment. User who have access will download a VB.NET application from a web site.
Of course, I want to prevent any of the 100 users from using a tool such as Query Analysis or ODBC to connect directly to the database and modify data.
So, it appears the way to go is to the "Application Roles". For this to work, the application roll password has to be saved in the application to execute the sp_setapprole procedure.
Is there a way to secure this password? I am worried about a user somehow extracting the password from the application and connecting directly.
Am I on the right track here? Any ideas appreciated!
I am nearing the end of creating my Windows App for work. So I tried to publish it, that was fine until I ran the app, from the same PC as I use to develop, with the same login etc. However when I use the published app I can't connect, to the database, return to VS2005 and run my app from within there and no problems. It is SQLEXPRESS (SQL Server 2005), but I have checked the settings there are correct (I assume VS wouldn't connect otherwise).
Server (Win2003) and my PC (Win2K) are on the same domain
Using TCP/IP
I can't see how to enable JiT debugging despite the 'help' at the end of this error details... See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text ************** System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Connect(Boolean& useFailoverPartner, Boolean& failoverDemandDone, String host, String failoverPartner, String protocol, SqlInternalConnectionTds connHandler, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject, Boolean aliasLookup) at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) at TrainTrack.frmAddCompetency.frmAddCompetency_Load(Object sender, EventArgs e) at System.Windows.Forms.Form.OnLoad(EventArgs e) at System.Windows.Forms.Form.OnCreateControl() at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ScrollableControl.WndProc(Message& m) at System.Windows.Forms.ContainerControl.WndProc(Message& m) at System.Windows.Forms.Form.WmShowWindow(Message& m) at System.Windows.Forms.Form.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
************** JIT Debugging ************** To enable just-in-time (JIT) debugging, the .config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled.
When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.
trying to use MS Access Automation from within SQL Server 2000 .
Seems that OpenCurrentDatabase (Access Application property) just hangs...
Following, the code that is used:
--BOF--
--object vars DECLARE @w_object INT, @s_object INT
--error handling vars DECLARE @error INT DECLARE @src VARCHAR(255), @desc VARCHAR(255)
--execution vars DECLARE @command NVARCHAR(100), @property NVARCHAR(20)
--create an Access application EXEC @error = sp_OACreate 'Access.Application', @w_object OUT IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] RETURN END
--get default security level EXEC sp_OAGetProperty @w_object, 'AutomationSecurity', @property OUT SELECT @property AS default_security_level
--set application security level to low (no sandbox) --thought this would help, but no luck EXEC @error = sp_OASetProperty @w_object, 'AutomationSecurity', '1' --Low Security IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object GOTO Cleanup END
--Test security level EXEC sp_OAGetProperty @w_object, 'AutomationSecurity', @property OUT SELECT @property AS my_security_level
--check current user EXEC sp_OAGetProperty @w_object, 'CurrentUser', @property OUT --should be Admin SELECT @property AS current_application_user --it is Admin
--Open non password protected database, SET @command = 'OpenCurrentDatabase("C:mikros.mdb")'
--unfortunately this hangs... EXEC @error = sp_OAMethod @w_object, @command IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT 'Failed to Open database', CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] GOTO Cleanup END
--Close current database EXEC @error = sp_OAMethod @w_object, 'CloseCurrentDatabase' IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT 'Failed to Close database', CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] END
Cleanup: --close Application EXEC @error = sp_OAMethod @w_object, 'Quit' IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object END
--destroy Application Object EXEC @error = sp_OADestroy @w_object IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object END
I have a ASP.NET time sheet management application I designed - today I put it live on the webserver and recreated the database on my SQL 2000 server. When I attempt to view, all of the pages where I query the database I catch the error "SQL Server does not exist or access denied".
The concerning part of this is that I have tested the live database from my development PC (remote - offsite) and it works fine. This shows that the database that I brought over is intact and the user has the appropriate permissions. The only thing that I changed in the application when I copied it to the server was the connection string server name to reflect the location change.
The setup is as follows:
Development PC on a broadband connection running Windows 2003 server enterprise, SQL Server 2000 SP3a, Visual Studio 2003 Enterprise.
Web/Database/Email server running Windows 2003 Standard, SQL Server 2000 SP3a, Exchange 2003, Active Directory, DNS etc.
When I run the application on the Web server from a browser with local names ie. http:\SERVER1application I get the "SQL Server does not exist or access denied" errors. When I try to connect to the application on the web server from my development PC i get the same problem.
When I changed the connection string on my development PC to the webserver/dbserver it runs fine.
I don't understand how a local proccess is having difficulty authenticating to the database when I can access it remotely just fine.
My database knowledge are with MySql and Oracle, but recently I was asked to evaluate the migration of an existing (and maybe more) from ms access to sql server. My question is simple, if all of the sql are hard coded into the code ... how well this sql will work, I mean is the sql between access and sql server are plug'n'play ? However in any case, I always rewiew all of the sql.
First off, sorry if my cross posting offends anyone. I'm posting thisin Access and SQL Server groups - not sure which one is appropriate.I have a relatively simple ASP.NET/VB.NET application that is nowhitting an Access 2000 database over an intranet. We have to migratethe database to SQL Server 7. My experience with ASP.NET is prettylimited and my experience with SQL Server is nonexistent.We have an MSDN subscription, so I went to the downloads section to getSQL Server 7. Guess what? SQL Server 6.5 is available, as is 2000 and2005, but no SQL Server 7. So my first question is, does anyone know ifit is available for MSDN subscribers?The next question is, does anyone know of a good resource that explainshow to make the transition from Access 2000 to SQL Server 7? I know thedata has to be migrated and the connection between the application andthe database modified, but am really not sure exactly what to first andthe correct way to go about it. The application is a simple productconfigurator. There's not a lot of data and it's not a very complexdatabase.Thanks in advance. If you'd like, please copy responses tolcifers(AT)yahoo.com (AT) = @TIA.Cheers.- Luther
I'm writing a C# application which connects to a local SQL database for data access. The application connects to SQL Server through windows authentication, but opens up the port and sqlbrowser to others on the network wanting to access the database through SQL Server authentication, and also allows remote users to connect to this server remotely if they have the login and password (and because the port is already open)
I understand this is not secure and open to attack, and am unsure of how to secure these processes without blocking these three types of access, from A.) the local user, B.) the network user and C.) the remote user across the net.
Have researched this a fair bit, but get somewhat lost amongst all the jargon.
how can i publish my RS2005 reports with asp.net(2005) application.I am trying by creating virtual directory ,the aspx page runs but it is unable to access reports from report server
Is there any article on how can i deploy report with asp.net so that i can access report using aspx page remotely
The sample application provided with Access Database Synchronizer fires a "A request to send data to the computer running IIS has failed. For more information, see HRESULT." exception on my WinCE 4.2 device.
I debugged it with VS2005 to see what was going on and found that the problem resides in the line:
m_connDesktop.Pull("MSysObjects","SELECT Name FROM MSysObjects WHERE Type=1 and flags=0",accessSysConnectString,RDATrackOption.TrackingOff,"Err_MSysObjects");
It seems that connection m_connDesktop is ok but calling Pull method fails.
I've verified that SSEvAccessSync service is started when ActiveSync detects device connection and that firewall rules are correctly updated.
Also, i verified my System.mdw and i discovered that there is no "MSysObjects" table (only MSysGroupList, MSysGroupMembers, MSysUserList and MSysUserMemberships queries are there).
Do you think the problem is there?
How can i solve it without damaging System.mdw?
I cannot figure out what's the purpose of this line of code, can you help me?
I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.
Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.
