Is WITH ENCRYPTION Now Safe In SQL2005?
Nov 5, 2005
Hi,
has anybody knowledge about the safetyness of encrypting stored procs in
SQL-Server 2005 using WITH ENCRYPTION? Or can they be hacked with the same
old tools which exists for SQL 2000?
thanks,
Helmut
View 7 Replies
ADVERTISEMENT
Feb 5, 2007
I am accessing a SQL2005 Express SP1 Server via TCP/IP (all machines fully up to date with windows update). For ease of configuration the Server IP is mapped to an Alias in Native Client Configuration Manager. On the Client Force Protocol Encryption is set to Yes and Trust Server Certificate is set to No. The clients are accessing the DB via SQL 2005 Management studio express and Ms Access 2003 (an access adp front end to the sql database).
As a test i turned off force encryption on the server. A Network trace shows no encryption! Turning on force encryption on the server corrects this.
As a further test I configured the server with a certificate the client doesn't trust. No error is generated by the un-trusted certificate! The only way to generate the certificate error is to enable encryption in the connection properties of each application. Why isn't the Native Client Configuration Manager utility enforcing this???
This brings me on to a second (off-topic problem). In my access adp file, if I enable €œuse encryption for data€? advanced option under the database connection dialog all works as expected (encryption + certificate verification). However, I am programmatically updating the connection in VBA
Application.CurrentProject.OpenConnection "Provider=SQLOLEDB.1;Data Source=AliasName;Use Encryption for Data=True;..."
If I do this no encryption is enabled!!! Access seems to just ignore the encryption statement.
Has anybody got any ideas as to why either of these issues are occurring or if there are any workarounds?
Thanks
Stuart
View 3 Replies
View Related
Oct 7, 2015
I have created two user defined functions for encryption and decryption using passphrase mechanism. When I call encryption function, each time I am getting the different values for the same input. While I searching a particular value, it takes long time to retrieve due to calling decryption function for each row.
best way to encrypt and decrypt using user defined functions.Below is the query which is taking long time.
SELECT ID FROM table WITH (NOLOCK)
                    WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symetric or asymetric encryption, I am not able to put "OPEN SYMETRIC KEY" code in a function. So, I am using PassPhrase mechanism.
View 3 Replies
View Related
Dec 15, 2005
hi
i try to restore a bak file from another sql2005 server to my sql2005 server, but it show the error message as below :
TITLE: Microsoft SQL Server Management Studio Express
------------------------------
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)
------------------------------
ADDITIONAL INFORMATION:
Cannot open backup device 'C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLBackup�ackup.bak'. Operating system error 5(error not found).
RESTORE HEADERONLY is terminating abnormally. (Microsoft SQL Server, Error: 3201)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=3201&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------
pls some one can help me ???
thanks
chaus
View 62 Replies
View Related
Oct 12, 2007
Can you open/use a database created in SQL2005 in SQL2005 Express?
Thanks for the help!
Max
View 4 Replies
View Related
Jul 23, 2005
I have two servers: progress as transational server and mssql as warehouseserver.I did DTS that "pumps" data from progress to mssql (via ODBC). Copying thedata has to be done once a day, but sometimes there is a need to do it onuser's demand.I'd like to ensure that I properly understood the method of running DTS I'vejust found using Google.As I can see, there are at least two methods (except of scheduling):- using dtsrun - which requires user running the DTS to have adminprivileges to use xp_smdshell- using sp_start_job - which requires creating a job prior to running theDTS.I think of using the second one as it seems to be more secure - am I right?Are there any hidden traps? What else should I do?--PL(remove "nie.spamuj.bo.w.ryj" from my email address)
View 2 Replies
View Related
Apr 8, 2008
I am trying to persuade our security people to allow access to RS from external facing web sites. The web sites will talk to the SOAP interface over SSL so the firewall will need to open port 443 between the web server in the DMZ and the RS server inside the firewall.
Any credentials passed will be encrypted, so the main questions is around parameters to reports and the possibility of SQL Injection attacks. I need a white paper or other document that will convince them that RS will not allow SQL Injection or scripting attacks and properly validates parameters.
Does any such thing exist?
View 7 Replies
View Related
Dec 27, 2005
I just upgraded my SQL 2000 server to SQL2005. I forked out all that money, and now it takes 4~5 seconds for a webpage to load. You can see for yourself. It's pathetic. When I ran SQL2000, i was getting instant results on any webpage. I can't find any tool to optimize the tables or databases. And when I used caused SQL Server to use 100% cpu and 500+MB of ram. I can't have this.Can anyone give me some tips as to why SQL 2005 is so slow?
View 3 Replies
View Related
Jan 4, 2007
Hi
We have Sql2005 x64 bit standard edition server installed in windows 2003 64 bit editio server,
currently due to buisness requirements we need to have sql2005 x64 bit enterprise edition, please let me know how do i do the upgrade or change.
is it possible to retain all our custom settings in the standard edition after changing to enterprise edition.
This has to be done for our production and very critical, please help
Thanks
Samuel I
View 4 Replies
View Related
May 3, 2001
Can anyone tell me how I can copy store procedures from SQL Server 2000 to Source Safe 6.0? I right-click the store procedure and cop
y it but when I got to the visual source safe it will not work. I therefore went through the soruce code control on Tool menu which I cannot see such commands. I do really need your help.
Regards,
View 2 Replies
View Related
Oct 27, 2007
I've recently planned to make a program that uses remote MSSQL connection. I'm not such an expert in security.
Please can someone tell me if it safe? and how can I improve my security. I know how to block SQL injection, but me fear is that some will hack my software for personal use.
Thanks, RedEyez.
View 3 Replies
View Related
Nov 29, 2007
I have a table that stores a value called "LocationNumber" as a varchar. I didn't create the database, I just use it. Anyway I usually sort the list by Casting the LocationNumber to an Integer. If I don't cast it, it trys to sort it lexiographically i.e. 0, 1, 21, 3, 345, 9 instead of 0, 1, 2, 3, 9, 21, 345.
It works 99.9% of the time, but the other 0.1% of the time it runs into some text that somehow made its way into the database field, and it causes an error.
Is there a way to safely cast a number in SQL? So that it just returns 0 when the value is not a number.
View 8 Replies
View Related
May 28, 2004
Hey,
I'm creating registration form.
To show fields names I thought to read columns names.
It's ok if columns is named like "Name", "Age" etc.
But if the columns is named [Country, Address, PostCode] then, I think, it can course some problems. Am I right?
First problem I thought about - changing database in the future (Now MS SQL 2k to MySQL etc.)
Is this the only problem?
To solve this I think using table which store syscolumn names as user defined columns names.
My system is speed critical and using this I would get less performance.
Which way should I go?
Case saving columns names in table, how to generate safe column name from user specified name, which can have special charters.
Thanks
View 6 Replies
View Related
Oct 11, 2000
I'm in the process of locking down our SQL Server development environment and wanted to implement some type of version control, not just for stored procedures but for all database objects (tables, triggers, etc.)
A while back I read an article that explained how to utilize Visual Source Safe to establish version control for databases. If I recall correctly, I believe it had something to do with Visual Interdev and creating some project with Visual Interdev.
If anyone can provide alittle more insight into how to accomplish this, or at least point me in the right direction, it would be greatly appreciated.
Thank you in advance for your help!
View 3 Replies
View Related
May 13, 2008
We have a VB.Net 2005 application that uses SQL CE 3.1 as its embedded database.
Frequently in the application, we must store strings with apostrophes, quotes, and all kinds of other stuff. It's totally unwieldy to try and manually escape every nonstandard character in every string... this is why we need to know how to handle this issue for all possible input.
What is the best method we can use to store any string, no matter what characters occur in it? The reason we must now improve our string handling is that we are now being required to store MD5 hashes of files for security and duplicate file avoidance, and these hashes usually break our import functions.
We normally enclose strings in single quotes ('). But, with the hashes as mentioned above, none of our current code works. Again: how can we be certain that the exact string we pass in will be stored in its current form, no matter what the characters?
THANKS
View 1 Replies
View Related
Jul 30, 2007
Can someone help
I create a activeX with c# .net 2005, and need that it be "safe for scripting", but I don't have examples for do it
help me please
thanks
View 1 Replies
View Related
Feb 6, 2002
Hi everybody.
One of department want to place db application from one server somewhere else on corparation network for 3 month period.
Problem is they want to keep it with max security.
Company does not want set up another server , so we want to create another
Instance and place database on it.
1. Is safe to keep 2 instances on same server ?
2. How remove access to this instance from members of local and domain admin role(If we deny acces to BuildInAdministrators how it is going to affect security?)
Thank you
View 1 Replies
View Related
Jul 20, 2005
I have been using the index tuning wizard to review some of my stored procs,and views. So far most of my indexes have been set up well, but I am curiousas to how they would look under a production system load. I was thinking ofrunning a profile for about 30 minutes or so on the prod system, and thenusing that profile for the index tuning wizard to see what it says.Would this be of value?Can running a profile on a prod system be dangerous?--BV.WebPorgmaster - www.IHeartMyPond.comWork at Home, Save the Environment - www.amothersdream.com
View 2 Replies
View Related
Feb 9, 2008
AD corrupt on RAID caused SBS 2003 to require reinstalling, no back ups.
Due to space constraints, database was attached to the D: drive so all is lost on the OS but the LDF and MDF files are safe on the other drive. Since a complete re-install of SBS 2003 is required I'm going to go with SQL 2005. How can I re-attach the old database to the new install?
Thanks in advance for any assistance,
Jeff
View 4 Replies
View Related
Apr 16, 2008
My understanding is that Microsoft SQL Server 2005 (unlike SQL Server 2008) is NOT safe for image-based deployments or at least is not officially supported. Is anyone aware of what tasks need to be performed if an image-based deployment approach is taken?
I have Windows and SQL Server installed on HostA, and I want to create an image and install a copy of the image to HostB, HostC, and so on.
When the image has been restored to the target machine, I do the following:
1. Run NewSID.exe
2. Change Host Name
3. Change IP Address
4. Change the SQL Server sysservers table via sp_addserver.
I noticed that the SQL Server installation program has created sevral Windows groups and SQL Server has several logins, users, and schemas with names associated with the source machine, HostA.
My question are: What are these accounts used for? Can or should they be renamed (this shouldn't affect the SIDS, right)? Is there anything else that requires changing? Can this be automated? What "gotchas" should I look for? Or is this simply not "doable"?
Any help/guidance is appreciated!
View 1 Replies
View Related
Aug 23, 2007
Hopefully this is the right forum! Im guessing they both are since they return the values pertaining to the current scope. I don't want to use transactions when I dont have to. What do you guys think?
View 4 Replies
View Related
Sep 5, 2007
Assume in a table, I have a table structure which contains parentID and childID.
In my procedure to insert a child for example, I begin a transaction, do a select statement see how many children for the given parentID, if is more than 10 then don't insert , otherwise insert the new child in. Then commit the transaction.
I wonder how thread safe such code would be... Quite worry about data corruption.
If 2 threads both updating this table, and the select statement both return 9 children, so both of them think they can do the insert, so the parent will end up with 11 children. Is such scenario possible to occur? If so, how to solve it and make sure the code is thread safe?
Hope someone can give me some suggestions..
Thank you
View 10 Replies
View Related
Oct 6, 2005
I have always upgraded the OS on test servers before upgrading on production. We are in the process of upgrading hardware for a production server and are considering installing Windows Server 2003 Standard Edition vs. what previously existed on the server, Windows 2000 Standard Edition. How much of a risk would this present? I'm leaning towards not changing the OS until we have a chance to upgrade the test servers first.
Dave
View 2 Replies
View Related
Jan 3, 2007
Hi - I am wondering if anyone can give me good advice on the following situation:
I'm a new employee at a place where the SQL Server/Visual Source Safe admin has left. Only his co-worker has a VSS account and the VSS admin never gave her the admin p/w and he cannot be contacted. We need to have an account set up for me.
My question is: How can this be done with the knowledge of the admin p/w? Would we have to backup the files, un-install VSS, re-install it and set up the admin account again, or have I answered my own question? Or are we screwed? I don't have enough experience with VSS to make a decision.
At this point we're considering calling "Geek Sqaud" or "Geeks on Call", etc.
Thanks for any suggestions?
View 4 Replies
View Related
Jul 17, 2006
My manager has asked me to install and configure Source Safe so that our team can check out stored procedures, (and other objects), and check them back in when we are finished working on them.
I'm not familiar with Visual Source Safe. Does SQL Server 2005 work with Visual Source Safe in such a way that I can check out/in SQL Server objects such as procedures?
If someone knows the answer, or perhaps an existing thread that covers this, please let me know.
Thank you for your time!
Frank
View 1 Replies
View Related
Apr 3, 2006
Can someone give some comments on which program to use with SSIS ?
View 2 Replies
View Related
Nov 15, 2007
I have about 40 stored procedures in a Visual Source Safe stored procedures which we are using for change control.
All stored procedures require to be moved into production across at least 13 different databases each on a dedicated server.
The only way I know at the minute is to do this manually. Does anyone out there have any ideas of how this task can be automated?
View 9 Replies
View Related
Oct 6, 2006
Would turning off ViewState in Report Manager be safe? Or at least is there a way to deactivate ViewState for viewing reports in Report Manager instead of all pages in the web site?
I'm not sure of the impact of deactivating this with the internals of the web application.Â
View 2 Replies
View Related
Jul 20, 2006
Hello,
To implement the new SQL 2005, I plan to make the environment easy to manage. The environment should be simple to document and be automated via scripts. Therefore I plan to use mount points as described below.
On a typical SQL server with multiple drives like C, D, E, F, G, H. Where each drive will have various folders to hold SQL code, data files, transaction log files, tempdb files, snapshot files, and other types of files. This typical environment is not pretty and is hard to write scripts for.
So I plan to standardize on one standard directory structure via volume mount point. On all new SQL 2005 servers, we should see drive E as the one and only SQL Server directory. Other drives will be mounted to drive E as shown.
E:
SQLSERVER local folder -sql code for each db instance
SQLSHARED local folder -sql shared tools for all db instances
SQLTLOG1 Drive H -db transaction log
SQLSNAP1 Drive F -db snapshot files
SQLTEMPDB1 Drive H -tempdb main data file
SQLWORK Drive D - DBA work area
SQLDATA1 Drive G -db data files
SQLDATA2 Future Drive -if SQLDATA1 is too large for any direct attached drive, or to get more I/O throughput.
With this implementation, I can easily write scripts to manage the environment. Also if any mounted volume is out of space, we can swap the based drive without doing any change to database configuration. We can also switch from direct attached drive to SAN in the future.
Do you think mount point is safe to use with SQL 2005? I know it is supported.
Do you have a standard directory structure for your environment? How do you do it?
Thanks,
KTMD
View 2 Replies
View Related
Sep 19, 2007
I am unable to install 32-bit SQL Server Integration Services on the server due to something that was left behind by the 64-bit version.
I've uninstalled SQL Server 2005 64-bit and when I try to install the 32-bit version of Integration Services, I get this error: "Failed to install and configure assemblies C:Program Files (x86)Microsoft SQL Server90DTSTasksMicrosoft.SqlServer.MSMQTask.dll in the COM+ catalog. Error: -2146233087 Error message: Unknown error 0x80131501 Error descrition: FATAL: Could not find component 'Microsoft.SqlServer.Dts.Task.MessageQueueTask.ServCompMQTask' we just installed."
I can't seem to figure out how to resolve this problem with the COM+ and I can't remember if Integration Services is required.
Can anybody please advise?
View 1 Replies
View Related
Jul 8, 2007
Hello,
I have a vb program that include a dts package that has been saved to vb with sql2000 dts wizard and works very good.
Now that I upgrade my website to sql2005, this vb dts package doesn't work.
The error I get is:
Microsoft Data Transformation Services (DTS) Package
Invalid STDGMEDIUM structure
(Microsoft Data Transformation Services (DTS) Package (80040066): Invalid STDGMEDIUM structure
) (Microsoft SQL-DMO (ODBC SQLState: 42000) (80004005): [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near ')'.)
I searched in the internet how to make dts package in sql2005 and save it to vb and found no information about it.
What Can I do to get the vb code of the dts package I create in sql2005 or how do i migrage the sql2000 vb dts package code to sql2005?
Thanks,
Kubyustus
View 4 Replies
View Related
Dec 15, 2007
If I send multiple sql's with ado.net in one statement (one executeSql separated by semilcolons), and the second one fails, will the first one be rolled back? or do I need to put it all in a transaction?
View 1 Replies
View Related
Sep 25, 2000
Hi,
Any pros and cons of putting sprocs into Source Safe?
Thanks,
Judith
View 2 Replies
View Related
