Are there any built-ins, utilities, ... within sql server 2000 that can be used to enforce password complexity in the database. i.e at least 8 characteres, upper and lowercase mix, includes at least on number and one punctuation (underscore,...).
I understand that this requirement can be achieved using windows authentication. Unfortunately we do not have that luxury (at the moment).
I need to restore a v2000 database to a v2005 database including all users. It's a brand new server and database. When I try to copy all of the new accounts, I get this error:
Msg 15118, Level 16, State 1, Line 1
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.
What do I do with the password complexity? Any ideas?
My aim is to write a function that returns a bit determining if a varchar(30) argument is "complex enough" to serve as a password. I am open to suggestions of better heuristics, but the rules I was initially planning to use were:
1) Greater than 8 characters long.
2) Contains at least one upper case, lower case, number, and punctuation (loosely defined as anything not in the first three categories).
I can loop over the characters in the PW and use CHARINDEX to test against these three subsets, but I thought there just might be a more clever way to accomplish this.
I also mention the "meta" problem since I am all ears if anyone has a better idea of how to measure complexity.
Cheers,
Lyman Hurd
PS Only a hash gets stored in the DB. This is to be used in the stored proecdure where people set their passwords. Thanks in advance for any thoughts.
I am trying to understand constraints and minimum cardinality.
In a relationship between 2 tables, t1 and t2, with a parent to child relationship of
1 to 1 or more how is the minimum cardinality enforced?
If both sides of the relationship require at least one occurrence, how would the insert be done? How can you insert into table t1 when it has a constraint that there must be an occurrence in table t2, or vice versa?
Any help in understanding this is greatly appreciated!
In SQL Server 2000, can you enable an option to check password retries? For example if an SQL Server ID logs incorrectly 5 times, you disable the login account.
I 'completed' a DTS package which uses a file on a non-SQL server. I am about to put this into production, so it runs automatically each evening. but just realized that it won't work unless it signs onto the source file's Windows 2000 server. It works for me when I'm testing it because I am always logged on the the Windows 2000 server.
I have been trying to figure out which DTS task I need to use to establish a connection by embedding my UserName and Password. Any tips woud be apprecitaed.
HI!I have a little problem:I have change the administrator password (Windows 2003 Server) which MSSQL 2000 use to login.And now the SQL server can't stand up.What should I do?thx!gicio--Posted via http://dbforums.com
I have a package protected by a password - I am already unhappy that to get it to use the configuration file to change connection strings for the production servers I have had to hardcode the password into the config file - very insecure! However, the package now deploys correctly to the production server and will run from there OK, but NOT if scheduled as a SQL Server Agent Job. Thus is because however often I edit the command line to include the password after the DECRYPT switch (which it has prompted me for when I click on the command line tab), the Job Step will not retain it. If I open it up after I have edited it and closed it, the password has disappeared.
I know that if I run dtexec plus the code in the Command Line tab (with the password), the package runs OK.
This is driving me insane! I have read all the other posts and so I tried replacing the SSIS package step with a CmdExec step and pasting that code into there - then I get an OLEDB error..
The code I use is: DTEXEC /SQL "ImportRateMonitoringTables" /SERVER servername /DECRYPT password /CONFIGFILE "D:Microsoft SQL ServerSSISDeploymentsRateMonitoringImportTasksDeploymentImportRateMonitoringTables_Production.dtsConfig" /MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E
and I get
SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x8000FFFF
although the same code executes perfectly from a command prompt.
Please does anyone have any experience with a similar problem and if so, how did you get round it?
I tried to install an ALLDATA database which run with SQL Server 2005 express edition. The data base fails to install becase of the following code that come up which is related to AS password requirement. The error that come up is:
TITLE: Microsoft SQL Server 2005 Setup ------------------------------
The sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=setup.rll&EvtID=28001&EvtType=sqlca%5csqlcax.cpp%40SAPasswordPolicyCheck%40SAPasswordPolicyCheck%40x6d61
------------------------------ BUTTONS:
&Retry Cancel ------------------------------
I am trying to install this database in a network server operating under Windows Server 2003 R2 with SP2. If anyone knows how to solve this problem, please let me.
I'd like to create a relationship between two tables in sql server 2005, where a User can be a Partner and a Partner must be a User. So it 0-1 and 1-1. How do I enforce this relationship?
I will also be creating a view from this, will there be any problems when inserting data into the view?
I might aswell add that I'm actually working on asp.net's new membership and roles, so I don't want to change the default tables.
I have a reporting services application that needs to run reporting services without a user context. However, it will not pass the SSL check. I am using a self-signed certificate that is in the trusted certificates store. What I would really like to do is run reporting services without enforcing SSL (just not allow port 80 connections from the firewalll for security) and merely allow SSL connections when they come in so that any local programs can use reporting services without the need for SSL. As far as I know, Reporting Services (ISAPI filter?) is somehow checking the http headers and not allowing, at least an anonymous, a connection *unless* SSL is forced (WHY?). If my app redirects using the https://FQDN or http://localhost to reporting services it fails the SSL check.
Is there a way around this or can simply do something with the certificate store, like trusted certificates or publishers, so that my local programs can pass the SSL check?
sql server 2000 windows 2000 authentication is through the db (not windows).
I am attempting to limit access to one of our production sql server databases. I want to ensure that only application users can connect to the db, i.e they connect to the application and the application connects to the database (database access is transparent to them). The app uses a common login account.
I would like to prevent users from connecting to the db using ad hoc query tools or other EDIs (toad for sql server, ...). Currently there is nothing stopping them from doing so using the application acct/pwd.
I am contemplating writing a trigger that checks for the program that the user is using and if the program is not recognized, kill the session. Is this the right approach or is/are there any "out of the box" utilities that will do this for me?
FYI. the acct/pwd that the app uses to access the db is well known to users.
Hi, I've been writing simple database queries for a long time, but I've come to a point where I need to do more work with fewer queries, and I've not been able to make a dent in it. Please excuse my ignorance.
I have a relational database of prices that holds the following info:
I want to build a form where my customers can select their currency, their industry and their company size, and then display prices for a specific product (series).
My problem is on the way to the product select. I don't want to display a huge list of EVERYTHING--I want the customer to be able to first select a Main Product, and then populate a list with the relevant sub product for them to select.
However my database is set up with three tables for the individual products: a MainProducts table with main products and ids, a Series table with sub products (we call them series) and ids, and a third table Products that combines the mainproductid with the subproductid to create a unique Productid that is used throughout the rest of the database to get the prices.
(see the relationships here: http://magneticmirror.com/db.gif. The reason for this is that Series in two different MainProducts can have the same name, and so constitute different Products)
The only way I know how to display the name of the relevant series (sub products) is to get the user to:
*select a MainProduct from a list; *then select all ProductIDs from the the Products table with that MainProductID; *then for each row from the Products table, take the SeriesID (sub product) and run that against the Series table to get the name of the series corresponding to that ID
if there are 50 series in a product line, that would be 50 individual queries just to populate the list.
There must be a better way. Is this what joining tables is about?
Can anyone tellme how can we determine a DTS Package's complexity. I want to know the elements that determine the complexity of DTS Package.The very little knowledge I have is number of Connections, number of tasks, Number of Activex Script Tasks. Can anybody please give some more data on this.
there's a concept named cyclomatic complexity in software dev which measures the complexity of code by its number of decision points. This would be measured by # of if statements, nested if statements, etc in a method.
Do SQL queries have any type of equivalent? For example, # of joins, # of conditions, etc. Factors into a complexity metric which indicate how complex, risky or error-prone a sproc might be based on certain factors?
Hi,I'm curious about the computational complexity of a query I have. Thequery contains multiple nested self left joins, starting with a simpleselect, then doing a self left join with the results, then doing a selfleft join with those results, etc. What puzzles me is that the timerequired for the query seems to grow exponentially as I add additionalleft joins, which I didn't expect. I expected the inner select toreturn about 25 rows (it does), then I expected the self join to resultin about 25 rows (it does), etc. Each join just adds another column; itdoesn't add more rows. So the left part of the join is staying the samesize, and so is the right part of the join, since I'm always joiningwith the same table.So I would think the time for this query should be (time to join 25rows against the source table) * (num joins), but it seems to besomething like (num rows) ^ (num joins). Any ideas? I'm just trying tounderstand the system a little better. (But if you have any ideas aboutimproving the query, I'm always open to those, too.)The execution plan is what you'd expect: an index seek loop-joined withanother index seek, the results of which are merge-joined with anotherindex seek, the results of which are merge-joined with another indexseek, ad nauseum, until a final "compute scalar cost (39%)" and "select(0%)"For the brave and curious, I've pasted the query below.Thanksselect right(x.cp_yyyymm, 2)+'-'+left(x.cp_yyyymm, 4) as [Month],table0.cp_num_loans/1 as [AFCM9704], table1.cp_num_loans/1 as[AFC9104], table2.cp_num_loans/1 as [BFAT01C], table3.cp_num_loans/1 as[BFAT02B], table4.cp_num_loans/1 as [BFAT03D], table5.cp_num_loans/1 as[BFAT03E], table6.cp_num_loans/1 as [BFAT03F], table7.cp_num_loans/1 as[BFAT04A], table8.cp_num_loans/1 as [BFAT04C], table9.cp_num_loans/1 as[BFAT04D], table10.cp_num_loans/1 as [BFAT99C] from (((((((((((selectdistinct cp_yyyymm from cp_deal_history where cp_deal_id in('AFCM9704', 'AFC9104', 'BFAT01C', 'BFAT02B', 'BFAT03D', 'BFAT03E','BFAT03F', 'BFAT04A', 'BFAT04C', 'BFAT04D', 'BFAT99C') and cp_yyyymmbetween 200304 and 200504) as x left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='AFCM9704') astable0 on x.cp_yyyymm=table0.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='AFC9104') as table1on x.cp_yyyymm=table1.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT01C') as table2on x.cp_yyyymm=table2.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT02B') as table3on x.cp_yyyymm=table3.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT03D') as table4on x.cp_yyyymm=table4.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT03E') as table5on x.cp_yyyymm=table5.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT03F') as table6on x.cp_yyyymm=table6.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT04A') as table7on x.cp_yyyymm=table7.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT04C') as table8on x.cp_yyyymm=table8.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT04D') as table9on x.cp_yyyymm=table9.cp_yyyymm) left join (select cp_yyyymm,cp_num_loans from cp_deal_history where cp_deal_id='BFAT99C') astable10 on x.cp_yyyymm=table10.cp_yyyymm order by x.cp_yyyymm
Right now I have some code, part SQL, mostly C#, to generate reports from a few tables. I have the following tables: UserGroups -GroupId -UserId
Users -UserId -Name
ItemLogs -LogId -ItemId -UserId * there will be multiple log entries for each item
I'm given a list of GroupIds.
I need to retrieve all the users within those groups for each user I need to retrieve the UserId and the Name, along with the number of total rows in the ItemLogs with that user's UserId, and the number of distinct ItemIds in ItemLogs that belong to that User.
I'm able to easily do this using C# with minimal SQL, but that involves a lot of looping and small queries which is extremely slow.
I'm thinking that I could use some more advance SQL strategies to retrieve what I need a lot faster, but I don't know how. My thought is to first create a temporary table with the group ids I'm given so I can quickly retrieve all of the users I need. Once I have the UserIds, getting the Name is simple, but I don't know how to grab the data I need from ItemLogs without looping through for each User.
I am trying to change password, using the code below.. The code below is in a stored proc and I am passing these parameters from a web application..... sp_password [ [ @old = ] 'old_password' , ] { [ @new =] 'new_password' } [ , [ @loginame = ] 'login' ]
sp_password 'cust1','cust2','cust1' Server: Msg 15210, Level 16, State 1, Procedure sp_password, Line 20Only members of the sysadmin role can use the loginame option. The password was not changed. I made my user part of the db_securityadmin role, but that does not help... How can I give the above mentioned permissions, so that when user cust1 logs on then he can chnage his own password from the web application as long he has given his old password correctly?
Dear All! I have installed my sa password "sa" during my MSDE (desktop engine of sql) installation. currently i am loging into query analyzer using windows authentication. But i cant access the database through my code, coz i dont have sa access. Please kindly Help me finding my current sa password. Thank You!
Running SQL2005 and on occasion I see durations of 928809 or even 2830562 in the trace for commands that usually run in the 7000 range. Reads are still in the 1200's even during the huge duration spikes. These are calls from ASP.NET ADO.NET and there should be a 30 second timeout on them by default to boot. I see a few other times that we've logged timeouts so I know the timeout is working at times but not at others. Any ideas what's going on both with the strange serious outliers and the fact that these queries aren't timed out properly?
I am looking to create an ASP w/ functionality to change user's SQL password. Many do not have access to EM or Query Analyzer and need a website to visit. Has any had expirience w/ this prior?
I have SQL 2000 and I forgot my SA password and cannot login as administrator using windows authentication.
Is there any way to reset SA password?
"Mixed Mode" authentication is enabled.
If I change authentication mode in register to Windows only and then after restarting SQL change it back to Mixed, will it reset SA password to "null"?
(1) contains a for loop task (in which all the logic is contained) that loops through a particular folder for excel files WITHIN THE FOR LOOP: (2) pulls data from an excel file into SQL Tables(Data Transformation Task) (3) run stored proc to validate data (Execute SQL TASK) (4)ON SUCCESS of executing the SQL Task (Script Task - move file to success or reject folder based on value returned from sproc) (5)ON FAILURE of executing the stored proc (Script Task - move file to bad format failure)
NOTE: I have modified the MaximumErrorcount property of (1 FOR LOOP) and (3 EXECUTE SQL TASK) and the package itself to 0. In order to deal with badly formatted excel files...I do not want the package to stop for every missing tab in excel file or data entry error. I simply want the badly formatted file to be moved to a special folder
PROBLEM: on failure logic is never executed (I have 2 options after step (3)) on success do step (4) on failure do step (5) step (3) fails...then it simply iterates to the next file step 5 is never executed
Is this because I changed the maximumerrorcount property? What am I doing wrong witht he Precendence Logic?
Hello, I'm running an MS SQL 2005 database which supports our entire website and it's fairly huge. I seem to have lost the sa password for the database.
I COULD get it back if there was a way to convert the SQL 2005 DB to an SQL 2000 DB, seeing as how I found a password cracker for that version. Is there anyway to convert a 2005 DB back to a 2000 DB?
Does anyone have any other ideas they might want to lay on me?
I'm kind of sick about this... I'm usually a really good note-taker; In fact, I do have the sa password recorded in an IT database that I keep. Unfortunately the password just doesn't work. I've tried the caps lock and other variations, but the password just eludes me.