I need to check long strings and only allow them through if they contain alpha-numeric characters and selected other characters (apostrophe, comma, colon, full stop), and reject all other strings.
So in pseudocode (very roughly) :
FOR EACH character in string
IF( character not alphanumeric AND character not valid character )
reject string
(end loop)
Accept string
Hi all, I need to have a check procedure which rejects long strings if they contain anything other than 'allowed' characters (alphanumeric characters and selected other characters - space,comma, apostrophe). So in (very rough) pseudocode:
FOR EACH character in string IF( chararacter is not alphanumeric AND character is not valid ) reject string; (end checking) Accept string.
SQL Server allows for a user to have SELECT permission on a View withoutthat user requiring an associated SELECT permission on the underlying tablethat the VIEW accesses, but the user can still access the data through theView. A similar arrangement holds true for stored procedures.So based on these initial known behaviours, I have a couple of questions:1. If a stored procedure A executes stored procedure B, does the user of Arequire execute permission for B also? Or will access to B be permittedregardless because the user was given access to A?2. Similarly, if a stored procedure A accesses a View, does the user of Arequire permissions on the referenced View?I guess to paraphrase what I am trying to determine is whether SQL Serveronly checks permissions at the "entry" point of a particular function, orwhether permission checks are performed "intra-function". My openingexamples imply they are only checked "on entry", but I am wondering if thisbehaviour is entirely consistent. Perhaps the SQL Standard mandates this?
Could someone please advise if the report folder structure I am proposing will be secure enough so unauthorised users can't access the reports?
I have created three folders; Departments (that contains subfolders being one for each department), Sections (that contains subfolders being one for each section), and Open Access. A manager will either see the Department or Section folder and then the relevant subfolder for the area he/she manages.
I have deployed the reports from the Development Studio to the Home page, made them invisible there, but created linked reports that then show in the subfolders. Each subfolder contains a separate linked report and each has parameters set within the Properties tab of SSRS that only enables the manager who will access that subfolder to see the report details specific to their area.
A manager will then be given the browser role for only the subfolder he/she has access to.
I would like to be sure that a manager will not be able to see information in other subfolders. Will my proposed structure be secure enough?
I need to check in my Stored procedure if the information passed is null or empty so I can decided to insert the new value or keep the old. How do I accomplish this please in T-SQL. Thanks in advance.
Is there a way to find out if the user entered the date in correct format for the report parameter? For example, I am using string data type and requring the user to enter date in yyyy/mm/dd format. Can I capture and prompt the user accordingly if the date string is not provided in the above format?
string SQLUpd = "UPDATE Member SET Member_pwd = '" + pwd + "',Member_nickname = '" + NickName + "',Member_mail = '" + Mail + "',Member_birthday = '" + BDay + "', Member_gende_no = " + Gender + ",Member_mobile = '" + Mobile + "' ,Member_tel_day = '" + DTel + "',Member_tel_night = '" + NTel + "',Member_occupy_no = " + occupy + ",Member_national_no = " + National + ",Member_area_no = " + Area + ",Member_address = '" + Address + "' WHERE (Member_no = " + MemberNo + " )"; in my program it does work perfectly ... but now I just recalled my teacher have told.. it may cause security problem in that way... maybe I need to change �UPDATE Member SET Member_pwd = '" + pwd +】 to �UPDATE Member SET Member_pwd = '" + @pwd +】 is there any difference between pwd and @pwd?
hello, I installed my sql 2000 database server in my Lan server,and I installed the vs.net in my computer(workstation).now I want to develop my system in my computer with the remote sql 2000 database. So how to create a security connect string of web.config in my project ? thanks in advanced!
Assume I have an asp.net/sql server 2000 web app in a shared hosting environment. I then encrypt the connection string using ProtectSection("DataProtectionConfigurationProvider") in the page load of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server. 2. The first time I run the app eg. www.whatever.com/default.aspx, the ProtectSection method above is executed. 3. Now the conn string area of my web.config is encrypted, and asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config -- whether via getting into the server or via ftp, they would see an encrypted connection string. Thanks very much!
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.Â
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?
As you can see Col1 & Col2 ONLY do not make up the PK. I need to include Col3 as well. My concern is I am not sure if I have a row like.. 1...........2.......A......X reapeated lower down the order. So how do I figure the PK out?
Can someone show me some C# code for detecting if a SQL row exists or not? This seems like a very typical action and I cannot for the life of me find a tutorial online that explains this step. In my code I'm either going to INSERT or UPDATE a record. I tried sending a SELECT command through a ExecuteNonQuery, but only got -1 as a response. Apparently ExecuteNonQuery does not work with SELECT. I then saw that T-SQL has an EXISTS keyword, but I cannot see anyway to use that from within C#.So...can anyone share the typical code they use to identify if a row exists or not within a database. I guess I was execting there to be some method available to do this sort of thing.
i want to check a value in 2 tables. the 1st table i want to check if the value exists and from the 2ed table i samething. i came up with this but when it's doing the second if i get error on the page. Dim ReturnVal As Integer Dim ReturnVal2 As IntegerDim conn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("imacstestConnectionString").ConnectionString) Dim cmd As SqlCommand = New SqlCommand("SELECT [ReportNumber] FROM [AppraisalSummaryBlue] WHERE ([ReportNumber] = @ReportNumber)", conn) 'To check if the # is registered.Dim cmd2 As SqlCommand = New SqlCommand("SELECT [ReportNumber] FROM [t_RegisterInfoTemp] WHERE ([ReportNumber] = @ReportNumber)", conn) cmd.Parameters.AddWithValue("@ReportNumber", txtReport.Text)cmd2.Parameters.AddWithValue("@ReportNumber", txtReport.Text) conn.Open() ReturnVal = Convert.ToInt32(cmd.ExecuteScalar()) conn.Close() 'This checks if the # is correct. If ReturnVal > 0 Then 'This checks if its registered with someone else. conn.Open() ReturnVal2 = Convert.ToInt32(cmd2.ExecuteScalar()) conn.Close() If ReturnVal2 <> 0 ThenServer.Transfer("regccinfo.aspx") Else lblError.Text = "the # is registered with someone else." End If Else lblError.Text = "the # does not exists." txtReport.Focus() End If
Good morning everyone I am writing a windows forms application that will work similar to the windows messenger popup. I need this application to display a message to the user whenever a record is added to table in my DB. Any help would be appreciated in explaining how I can check the DB for new records.
I've forgotten the character set that I've chosen when I was installing the SQL Server 7. Is there a way to check?
I'm currently using US English version of Windows NT4 and SQL7. But interestingly, all the data is in Japanes characters. It's actually for a Japanese website, and the front-end application is written in ASP. I remember reading somewhere that it is impossible to do certain type of sorting (by some particular order for the Japanese language) as it is limited by the choice of the language of the NT OS.
The type of sorting that I'm looking at is the grouping of 5-characters. One example is in http://www.forest.impress.co.jp/aiueo.html
Would this be possible with my current setup? Or would it help if I migrate over to Windows 2000? (I'd rather not move to Japanese NT4)
Your feedback and advice would be very much appreciated!
Just a brief question. I have a script which does a number of insert statements. What I would like to do is determine if the insert statements were all successful. Aside from checking @@ERROR after every insert, is there a way to check if all the insert statements completed successfully?
I want to do a check to see if a number falls within a range specified by the user. Basically, they enter in a min and max value and I return a hit if a number falls inbetween.
I have having trouble with my SQL statement:
Code:
SELECT DISTINCT * FROM Table WHERE ( (0=0) AND (min.value <= Table.Value <= max.value) )
(This isn't my actual code, but just the logic)
It will return all the results everytime. Does anyone have any suggestions on what I could be missing here?
I have a question I hope someone can help me with.
My situation: I have a single-step job in SQL Server, which runs a stored procedure, A. This stored procedure invokes another stored procedure, B. In B, one of the statements is a 'BACKUP DATABASE' command, and a database is backed up to a file.
The job is started by an application. Once started, the application then uses the SQL-DMO property CurrentRunStatus to periodically check the status of the job. When the property returns the value SQLDMOJobExecution_Idle (indicating the job has completed), the application code then continues processing, and attempts to access the .dat file produced by the 'BACKUP DATABASE' command.
My problem: On occasion, the application will hit the problem where either the backup file cannot be located, or the file is still being locked by another process (Error=The process cannot access the file because it is being used by another process).
Is anyone able to shed some light on this?
I assume that the job will only return a completed status after: (a) both A and B have completed execution, and (b) the BACKUP operation has completed
Is it possible that even though SQL Server indicates the job has finished, that the BACKUP operation still hasn't completely ended?
I have around 25 sql servers(sql server 2000) all on windows server 2003. i would like to know if anyone has a script that will poll all the servers and check to make sure the agent is running.
I need to check one table while updating another table suppose i need to check table1's value is whether less then 0 or not without if condition can i check it with update query? thank you
I have a table that I know has a null or nothing in a field. When I run this query to get a list of them nothing comes back at all but it doesn't error out. Any ideas?
select * from lab_test_add_conf where table_name = null order by lab_test_conf_id
This is going to sound ignorant but... I had a look here http://support.microsoft.com/?id=321185
And one thing isn't clear. How doe you know if the 32-bit or 64-bit version was installed?
------------------------ Me: What do you want to know from your data warehouse? Client: Err...Emm...Everything Me: OK, that's great. That's all I need to know. I'll see you when it's done.
