SQL Security :: How To Determine What Certificate Is Used To Encrypt A Database In 2014

May 28, 2015

I use a number of certificates on my database server.  I'm trying to verify the correct certificate is being used on the correct database.

View 3 Replies


ADVERTISEMENT

Encrypt Connection With Certificate

Feb 7, 2007

I have been trying to create a certificate for use with SQL2005. I found openSSL to create a cert but I am not sure how to use it.

When I go into SQL Config Manager / Protocol Properties / Certificate Tab... I do not see any certificates. The list is empty. Where are these certs pulled from and how can I create one on my own?


Here are the Reqs:

Certificate Requirements

For SQL Server 2005 to load a SSL certificate, the certificate must meet the following conditions:

The certificate must be in either the local computer certificate store or the current user certificate store.

The current system time must be after the Valid from property of the certificate and before the Valid to property of the certificate.

The certificate must be meant for server authentication. This requires the Enhanced Key Usage property of the certificate to specify Server Authentication (1.3.6.1.5.5.7.3.1).

The certificate must be created by using the KeySpec option of AT_KEYEXCHANGE. Usually, the certificate's key usage property (KEY_USAGE) will also include key encipherment (CERT_KEY_ENCIPHERMENT_KEY_USAGE).

The Subject property of the certificate must indicate that the common name (CN) is the same as the host name or fully qualified domain name (FQDN) of the server computer. If SQL Server is running on a failover cluster, the common name must match the host name or FQDN of the virtual server and the certificates must be provisioned on all nodes in the failover cluster.

View 3 Replies View Related

SQL Server 2014 :: Possible To Determine Dataflow Within A Database?

May 14, 2015

Is it possible to determine the data flow within a database? e.g. I start by adding/inserting a record in MainTable1, then through a trigger SubTable1, SubTable2 have records inserted into, SubTable3 has a record updated into, then a StoredProcedure1 is run which updates first SubTable4, then a StoredProcedure2 is run which adds a record in SubTable5. So by simply adding a record in MainTable1, I affect 5 other tables.

Imagine a more complex process than this one now (which I'm currently facing and I want to win time and precision; I will still investigate it myself (if I will find an answer first - I will post it here)) Is there a way I could "extract" this flow by using T-SQL?

View 7 Replies View Related

How To Determine Objects Signed By A Certificate

Apr 30, 2007

Is there any way to determine what objects (stored procedures in my case) have been signed by a certificate? I could not find any system views/tables/functions that seem to give any information about certificates what so ever. Am I missing something or is that part of the security to prevent gaining details about certificate usage?

View 5 Replies View Related

Certificate Security And Dynamic Routing

Aug 28, 2007

I've been reseaching on SSB and have read quite a number of posts on this forum that closely relate to what im trying to achieve. I have a solution im designing that ideally consists of a central server (SQLENTERPRISE) that will receive messages asynchronously from remote clients (SQLEXPRESS) spanning a wide geographical region over a GPRS virtual private network on a TCP/IP transport. This ideally is a star and spoke architecture and requirements dictate high level security, no loss of messages whatsover as well as high reliability and scalability.

To meet the security requirement in the context of the above scenario, i was thinking implementing both dialog and endpoint security using certificates would be ideal. I've downloaded some samples and have encountered problems simulating the above scenario on 3 machines (I Server & 2 Clients). Client1 sends messags successfully, the 2nd client doesnt possibly because the certificate on the server matches that to client1 since i ran that script first. How do i make it that the Server shares one certificate with all remote clients? Or is there a better way to configure SSB to work in this scenario?

Secondly i have hard coded the Server's IP Address in the Routes created on the Clients. Considering this is over a GPRS Virtual network, how can i make the clients dyamically "discover" the Server? The idea here is to make adding and setting up of new remote clients easy so that you can just plug them in to the existing network

Any help or pointers would be greatly appreciated.

PapaLee

View 1 Replies View Related

SQL Server 2014 :: Add A Step To Add To Encrypt Backup

Jul 7, 2015

I have inherited a job that is calling a maintenance plan. The maintenace plan makes a back-up of various databases.I have to add a step to add to encrypt the backup. I have the exe already. Its called "EncryptBackup.exe".My difficulty is I do not know how to add the step to the job exactly. The command syntax eludes me a bit. The syntax for the encrypter exe is:

C:exesEncryptBackup.exe C:DBBackupFolderA Encypt filename.bak

The output is "filename_encrypt.bak". It should be noted that there exists several sub-folder off: C:DBBackup like FolderA, FolderB, etc...each one holds a database.

View 5 Replies View Related

SQL Security :: Importing Existing PEM Certificate Into Server

Oct 26, 2015

I must prepare a procedure which should export some data from some DB columns, but these data must be encrypted using the OpenSSL protocol, to be sent to an external recipient.This recipient sent to me a "public" certificate in PEM format, to what I understood (it is a file beginning with the expression "-----BEGIN CERTIFICATE-----", then a long Base64 sequence and then "-----END CERTIFICATE-----").

Then I didn't create the certificate nor I am a certification authority: I just have this public key (or, at least, a file from which I can extract a public key) and I must use it to encrypt data in order to obtain an output which must be analogue to what I can obtain when using this OpenSSL command line instruction:openssl rsautl -encrypt -in CF.txt -out CF.enc -inkey SaniteICF.cer -certin -pkcs

Then the question is: starting from this PEM file and nothing else, can I import it and store an asymmetric key or a certificate in SQL Server and use it to encrypt data to be exported?

View 9 Replies View Related

SQL Server Admin 2014 :: SSL Configuration - Unavailable Certificate

Oct 1, 2014

I want to use a certificate with 10-years expiration date. I created a new template certificate, based on default computer certificate, and I only change expiration date to 10 years.

In SQL Server SSL configuration, I dont view this certificate. In only view certificate created with the "Computer" template (with validity period of 365 days). All others certificates based on template are invisible to SQL Server

How can I use a custom template instead of the default "computer" template ?

View 0 Replies View Related

Algorithm To Encrypt The Password Into Security Directory

Mar 30, 2007

Hi,



I need know what algorithm to encrypt the password into Security Directory, if anybody know the name.



Thanks

View 1 Replies View Related

SQL Server 2014 :: How To Encrypt And Check A Login Password

Jul 6, 2014

I am trying to learn how to store a web form password and than check it when the user log in. So far none of the code I can find works.

Why the following test does not work and what the correct code should be?

Insert Into [user]
values ('name', 'email', HashBytes('SHA1', 'bob'))
GO

Why does the following produce no rows?

SELECT *
From [user]
Where HashBytes('SHA1', password) = HashBytes('SHA1', 'bob')

View 8 Replies View Related

TRYING TO CREATE CERTIFICATE FOR SERVICE BROKER SECURITY BUT GETTING ERROR

May 22, 2007

hi all,

i m trying to send message between different server instance using service broker.

and for security purpose i am trying to create certificate. for that i have used makecert.exe and get a certificate and a private key. but when i am creating certificate using that file it is showing error

the code is --

CREATE CERTIFICATE ctfSourceServerMaster

FROM FILE = 'C:SourceServer.cer'

WITH PRIVATE KEY ( FILE = 'C:SourceServer.pvk', DECRYPTION BY PASSWORD = 'PrivateKeyPassword' )

ACTIVE FOR BEGIN_DIALOG = ON

GO

i have created the file SourceServer.cer' and SourceServer.pvk' by using makecert.exe tool.

the idea behind creating the certificate ctfSourceServerMaster is to give transport security.

I am running the particular script in the master database.

but still i am getting error

ERROR:----

The certificate, asymmetric key, or private key file does not exist or has invalid format.



If any body has any idea please help!!!!!!!!!!!

Thanks a lot in advance

View 1 Replies View Related

SQL Security :: Unable To Initialize SSL Encryption Because A Valid Certificate Could Not Be Found

Nov 19, 2015

 We are unable to login in database due to “The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x80090331. Check certificates to make sure they are valid. Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.”we have tried to run that selfssl.exe from command prompt followed by below command and am getting the cryptographic error.

View 3 Replies View Related

How To Determine If The Logged On User Is A Member Of An Active Directory Security Group?

Aug 7, 2007



We are using Windows authenication within our system, and I was wondering how it would be possible to determine if the user conected to the SQL SERVER instance was a member of a particular active directory security group?

Thanks.

View 3 Replies View Related

SQL Server Admin 2014 :: Determine Which Server Is Currently Active For Availability Groups

Nov 25, 2014

I want two write a small script to determine which is the currently active (primary) server in the AG.

Right now, I see that using SELECT * FROM SYS.dm_hadr_availability_replica_states I can determine the role. However, when the server goes down and switches to the secondary node, I don't believe that the role changes (or does it?). How do I determine which is the active node?

View 9 Replies View Related

Add A PFX Certificate Into A SQL Database

Mar 6, 2008

I can use "CREATE CERTIFICATE" to add a CER certificate into a SQL database. How can I do so with a PFX certificate? From the document, it can be done so with a CER file and a PVK file, but only a PFX file.

View 1 Replies View Related

Encrypt Data In Database

Jun 23, 2007

Hi,I have a .net application and i added a code that encrypts data saved in database. However, there is already data in the fields that was entered before this change.I know need to check if the values in those fields are encrypted and if not i need to encrypt them.How can I perform such a check and update the relevant data?I use TrippleDES in .net to encrypt/decrypt the data.Thanks

View 1 Replies View Related

How To Encrypt Database In SQLServer2000, Please Help Me, Thanks

Dec 26, 2005

I have 2 questions:

1. How to encrypt data of database in SQL Server 2000 ? Someone can't see true data

if without password or something else.

2. If i have 2 database . All of them have same table, structure, ....How to update or insert or change in the second database when i update or insert or change in the first database automatically ?

Thank you very much.

View 10 Replies View Related

Possible To Encrypt Database Assembly?

Oct 11, 2006

Hello.

I've built a simple Visual Basic .NET project containing the following code...

Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Data.SqlTypes
Imports Microsoft.SqlServer.Server

Partial Public Class StoredProcedures
<Microsoft.SqlServer.Server.SqlProcedure()> _
Public Shared Sub WhoAmI()
Using connection As New SqlConnection("context connection=true")
connection.Open()
Dim command As New SqlCommand("SELECT SUSER_SNAME()", connection)
SqlContext.Pipe.ExecuteAndSend(command)
End Using
End Sub
End Class

From Visual Studio, I want to encrypt the contents of this assembly, as a proof-of-concept.
Even though assembly contents are stored as varbinary(MAX) in the database, converting to varchar(MAX) will expose the code.

However, the Dotfuscator Community Edition reports the following error: "Dotfuscator Community Edition cannot operate on SQL Server applications.... please try Standard or Professional Edition."

Has anyone tried encrypting a database assembly and deploying to the database?

A good test would be to issue the following TSQL script against the database holding the assembly...

-- Does the sample code above run?
EXEC dbo.WhoAmI
GO
-- Is the code readable?
SELECT * , Convert(varchar(MAX), content) FROM sys.assembly_files

View 4 Replies View Related

SQL Security :: Can't Connect To Server 2014 When TLS 1.0 Is Disabled

Jun 24, 2015

After installing SQL Server 2014 SP1 CU1 (build version 12.0.4416.1) the SQL Server service no longer fails to start when TLS 1.0 is disabled, but no matter what I have tried I can't successfully connect to the database.When trying connect using shared memory I get this message:A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)And if I tryTCP/IP or Named Pipes I get this:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1)

TLS 1.1 and TLS 1.2 are enabled on the computer and working fine for IIS. what I can do to get SQL Server to work successfully with TLS 1.2 or is it still just not supported yet?

View 8 Replies View Related

SQL Security :: Why (nt Authority System) Is Not A Sysadmin On Some 2014 ENT Box

Jun 22, 2015

Why 'nt authority system'  is not a Sysadmin on some SQL server 2014 ENT box? and it is on others?

View 2 Replies View Related

Certificate Loading Issue - When Creating Certificate From SQL Server To SQL Server Express On The Same Machine

Jun 29, 2007

Hi, We are trying to implement Service Broker between SQL Server Express and SQL Server on the Same machine and we are having problems with certificates. We are creating a certificate on SQL Server, backing up the certificate on a file system and then loading certificate on the SQL Server Express from the file and we are keep getting the following error: Msg 15208, Level 16, State 1, Line 1 The certificate, asymmetric key, or private key file does not exist or has invalid format.



Following script runs fine on SQL Server.




Code Snippet

use master



Create Master Key Encryption BY Password = '45Gme*3^&fwu';

BACKUP MASTER KEY TO FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk'

ENCRYPTION BY PASSWORD = '45Gme*3^&fwu'

Create Certificate EndPointCertificateC

WITH Subject = 'C.Server.Local',

START_DATE = '06/01/2006',

EXPIRY_DATE = '01/01/2008'

ACTIVE FOR BEGIN_DIALOG = ON;

BACKUP CERTIFICATE EndPointCertificateC

TO FILE = 'C:ServiceBrokerEndPointCertificateC.cer'



Following script runs on SQL Server Express:






Code Snippet

Create Certificate EndPointCertificateC

From FILE = 'C:ServiceBrokerEndPointCertificateC.cer'

WITH PRIVATE KEY (

FILE = 'C:ServiceBrokerPrivateKeyMasterB.pvk',

DECRYPTION BY PASSWORD = '45Gme*3^&fwu'

);





If we run the script other way around, it works fine. If we use the SQL Server on some other machine, the script works fine. But only on the same machine, it throws this error. We made sure the permissions and everything. Let us know if there is any work around or what are we doing wrong.



Any help is appreciated. Thank you,

View 4 Replies View Related

Database Mirror Certificate Expired

Jun 11, 2007

anyone has the experience to solve this?

View 8 Replies View Related

How Can I Encrypt Or Mask A Column In The Database

Sep 26, 2007



How can i encrypt or mask a column in the database?

Any help will be appreciated
Regards
Karen

View 4 Replies View Related

SQL Server Admin 2014 :: PowerShell Security Error

Jul 16, 2015

I have a SQL Server 2014 instance running on a SQL Server 2008 R2 server. The server is not clustered, it is just a stand alone SQL Server. The syspolicy_ purge_history job fails every now and then with the error message: "A job step received an error at line 1 in a PowerShell script. The corresponding line is 'import-module SQLPS -DisableNameChecking'. Correct the script and reschedule the job. The error information returned by PowerShell is: 'Access to the path 'PowerShell_CommandAnalysis_Lock' is denied. '. Process Exit Code -1. The step failed."

Google isn't bringing up much besides the whole"If this is a clustered server make sure you have the right server name in the command" answer, which isn't the case here. Some days this job fails and some days it succeeds. I have checked out task scheduler to see if there were any conflicts there, found nothing. Nothing in the event viewer either.

View 2 Replies View Related

Database Mirroring Using Certificate? (two Principles And One Mirror)

Dec 22, 2006

Hi, all.

here is the situation.

we designated one server as a mirrored server. this server will host all mirrored databases from different principles in different server using certificate.

1) Server A (Principle) Server B(Mirrored)
2) Server C (Principle) Server B(Mirrored)

I was able to set up mirroring between A and B. But unable to set up mirroring between C and B.
My question is "Can I grant connect on endpoint to two different host logins?"

For example, on the server B
I created two different logins for Server A and C in order to assign different certificates to two principle servers.

For Server A.
create login server_A_login with password = 'djkkajnxks';
go
create user server_A_user for login server_A_login
go
create certificate server_A_cert
authorization Server_A_user
from file = 'c:certificateserver_a_cert.cer'
go

GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [server_a_login];
GO


For Server C.
create login server_C_login with password = 'djkkajnxks';
go
create user server_C_user for login server_c_login
go
create certificate server_c_cert
authorization Server_c_user
from file = 'c:certificateserver_c_cert.cer'
go

GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [server_c_login];
GO

when I set up like this and try to start mirroring, I am getting error from server c saying, "the network tcp:serverb.corp.com can not be reached or does not exist"

But mirroring between server a and b is OK. I set up them first, then between c and b.

any ideas?

thanks,

View 2 Replies View Related

Encrypt An Existing Database In SQL Server 2005

Dec 3, 2007

Hi! I have an existing database in SQL Server 2005 and I would like to apply encryption on my database. Does anyone have an idea on this?

View 7 Replies View Related

SQL Server Admin 2014 :: How Does Security Works Between Availability Groups

May 21, 2014

how does security works between availability groups.

ex if i create an object and grant permissions to a user will that be replicated to secondary replica .

View 4 Replies View Related

SQL Server Admin 2014 :: Any Kind Of Security Risks For Enabling CLR?

Jan 21, 2015

SSISDB 2014 - Enabling CLR - Is there are kind of security risks for enabling CLR when creating SSISDB?

View 0 Replies View Related

How To Determine Last LSN For Database

Feb 13, 2008



What is the most reliable way to determine the last LSN of a database? I've looked in sys.database_files to no avail. I've also looked in msdb.dbo.backupset which is accurate but only based on backups already performed not the current state of the database.

-joe

View 5 Replies View Related

How To Encrypt My Password Or Sensitive Data Before Storing Them In A Database , Using SQL Server 2005?[urgent Plz Help]

Jan 7, 2007

Hi there ,1. i have a database and i want to encrypt my passwords before storing my records in a database plus i will later on would require to  authenticate my user so again i have to encrypt the string provided by him to compare it with my encrypted password in database below is my code , i dont know how to do it , plz help 2. one thing more i am storing IP addresses of my users as a "varchar" is there a better method to do it , if yes plz help me    try        {            SqlConnection myConnection = new SqlConnection();            myConnection.ConnectionString = ConfigurationManager.ConnectionStrings["projectConnectionString"].ConnectionString;            SqlDataAdapter myAdapter = new SqlDataAdapter("SELECT *From User_Info", myConnection);            SqlCommandBuilder builder = new SqlCommandBuilder(myAdapter);            DataSet myDataset = new DataSet();            myAdapter.Fill(myDataset, "User_Info");            //Adding New Row in User_Info Table               DataRow myRow = myDataset.Tables["User_Info"].NewRow();            myRow["user_name"] = this.user_name.Text;            myRow["password"] = this.password.Text; // shoule be encrypted             //not known till now how to do it                       myRow["name"] = this.name.Text;            myRow["ip_address"] = this.ip_address.Text;                        myDataset.Tables["User_Info"].Rows.Add(myRow);            myAdapter.Update(myDataset, "User_Info");            myConnection.Close();            myConnection.Dispose();        }        catch (Exception ex)        {            this.error.Text = "Error ocurred in Creating User : " + ex.Message;        }  

View 3 Replies View Related

Need To Determine If Records Are Already In Database

Feb 21, 2001

Problem: I can add 4 items to a SQL 7.0 database but I need to redirect the user if all 4 items exist in the same Record elsewhere in the Database.

Clearly I need some kind of statement like "if category1 = var1 AND category2 = var 2 AND..." but don't know where to put it.

Code:

strSQL = "SELECT * FROM tblUserQuarter"

Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open strSQL, objConn,adOpenStatic , adLockOptimistic

'Insert choices from report.asp into tblUserQuarter
objRS.AddNew
objRS("cboFY") = Request.Form("cboFY")
objRS("Quarter") = Request.Form("Quarter")
objRS("ID") = Request.Form("ID")
objRS("Report") = Request.Form("Report")
objRS.Update

objRS.Close
Set objRS = Nothing
objConn.Close
set objConn = Nothing

View 1 Replies View Related

How To Determine Size Of Database

Feb 25, 2015

I ran a query to see how big my database on my SQL Server is and do not understand the metrics. I want to see how much of my 10GB database is left.

database_namedatabase_sizeunallocated space
ANTHEMQ 6521.06 MB243.55 MB

reserveddata index_sizeunused
1332304 KB1328168 KB1800 KB 2336 KB

View 3 Replies View Related

How Can I Determine The Size Of A Database?

Mar 8, 2007

Simple question...

When I use the full version of SQL Management Studio, I can run a report to view the size. How can I do this with SQL Mgmnt Express?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved