Remote Access - How To && Security Concerns
May 4, 2006Is anyone familiar with how to enable remote access to SQL Server 2000? ...and what are you security issues surrounding this?
Any help appreciated.
Adamus
ADVERTISEMENT
Security Concerns
Jun 13, 2007I have a web application where I allow the user to specify the select statement and the where clause. Basically I will receive two strings, first being the select and second being the where clause. Then I will structure the final sql statement as "SELECT " + first_string + " FROM Table_Name + " WHERE " + second_string.
I understand there are big security concerns by opening up SQL server like this, but I have no choice at this time. What should I look for in the select statement and where clause? Any tips or suggestions are appreciated!
Penn
Security Concerns
Oct 2, 2007Hi,
Wondered if you peeps could offer me some advice on this. The company i'm working for has recently invested in a massive bespoke CRM system. The software company thats worked on it has today specified the servers for the new system, just want to check what they're telling us.
Two servers, one front end running IIS and .NET, one backend running MySQL.
They said its essential that a hardware firewall is placed in between the servers and the back end machine is not directly assessable from the internet. They've told the directors all the usual scare tactics that the customer data is at risk if we dont have this - personally I think they're just pushing they're own hosting solution.
So, question is - is MySQL that insecure that it needs to be firewalled off?
Our hosting company is looking at about £2000 for the firewall and configuration. Is that nessessary?
I suggested IPSec on the servers as an alternative, they rubbished that saying its not secure enough.
Any advice appreciated
Thanks
Security - Remote Access
May 4, 2007I'm creating an app that will connect to a central sql server 2005 (hosted on a Win2003 server with Windows Firewall on). I added sqlservr.exe and sqlbrowser.exe to the firewall exceptions to allow for remote connections. Now, an admin I know is telling me that this is not secure and we must configure those 2 exe's to only be accessed by certain IP addresses. I want to make sure the database is very secure, but this sounds like overkill. ??
Questions:
Is this necessary (to limit access to these 2 exe's to certain IP addresses)?
How would I be able to distribute my application to different users if this is so?
How can I make sure that the SQL Server won't get "attacked" or "hacked"?
Mel
Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted
Jun 27, 2007I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:
An error has occurred during report processing.
Query execution failed for data set 'spName'.
Access to the remote server is denied because the current security context is not trusted.
A few facts ...
The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:
SELECT x.FieldName as OracleField
,y.FieldName as SSfield
FROM OracleLinkedServer..DatabaseName.TableName x
LEFT JOIN Server1.dbo.TableName y
The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;
SELECT 'ABC' as OracleField
,y.FieldName as SSfield
FROM Server1.dbo.TableName y
The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:
Select -- A Custom Datasource
Connection Type: Microsoft SQL Server
Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName
Select -- Credentials stored securly in the report server
Username: UserName
Password: Password
Check -- Use as Windows credentials when connecting the the data source
Check -- Impersonate the authenticated user ...
(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)
Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?
To everyone, thanks for reading!
~ Delora
Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.
Aug 25, 2006Hello,
In SQL 2005, from a stored procedure in a local database I am attempting to execute a remote stored procedure in another database on another server. I am getting the error referred to in the Subject when the local stored procedure tries to execute the remote stored procedure. A couple of comments:
The remote database is set up as a linked server in the local database. As part of the linked server definition I selected the 'be made using this security context', and provided a local user name and password.
The remote database is set to Trustworthy.
I have tried every combination of WITH Execute As on the remote stored procedure but nothing works.
I can query against the remote database successfully within Management Studio. I can even execute the remote stored procedure successfully from within M.S., but not from within my local stored procedure when it is run.
Thank you for your help on this - Amos.
Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted
Jun 27, 2007I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:
An error has occurred during report processing.
Query execution failed for data set 'spName'.
Access to the remote server is denied because the current security context is not trusted.
A few facts ...
The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:
SELECT x.FieldName as OracleField
,y.FieldName as SSfield
FROM OracleLinkedServer..DatabaseName.TableName x
LEFT JOIN Server1.dbo.TableName y
The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;
SELECT 'ABC' as OracleField
,y.FieldName as SSfield
FROM Server1.dbo.TableName y
The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:
Select -- A Custom Datasource
Connection Type: Microsoft SQL Server
Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName
Select -- Credentials stored securly in the report server
Username: UserName
Password: Password
Check -- Use as Windows credentials when connecting the the data source
Check -- Impersonate the authenticated user ...
(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)
Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?
To everyone, thanks for reading!
~ Delora
SQL 2012 :: Access To Remote Server Is Denied - Current Security Context Is Not Trusted
Feb 10, 2014We've got 3 SQL Servers all SQL Server 2012. We have a Master server and 2 production servers (let's call them A and B). The Master has linked servers defined for both A and B in an identical way.
A and B both have the same databases and each has a Stored Proc that gets called by the Master server.
An SQL Agent job executes the stored proc on both A and B.
It works fine against A but not B.
If we execute the stored proc in a query window under our windows account (domainowner) it works, if we use SetUser to pretend to be the SQL Server Agent account (let's call it domainagent) A works and B doesn't.
Executing against B returns the error "Access to the remote server is denied because the current security context is not trusted."
domainagent is a sysadmin on both Server A and B.
Trustworthy is set to ON in both the Master Server Database it's executing from and the remote databases on both A and B.
All 3 databases have the same owner (let's call it domainowner).
For Remus - Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.
Aug 25, 2006Remus (or anyone who can help) -
I am sorry for posting this question here. The only reason I am doing so is because Remus answered a question similar to this late last year, but I couldn't get access to the whole thread.
In SQL 2005, from a stored procedure in a local database I am attempting to execute a remote stored procedure in another database on another server. I am getting the error referred to in the Subject when the local stored procedure tries to execute the remote stored procedure. A couple of comments:
a.. The remote database is set up as a linked server in the local database. As part of the linked server definition I selected the 'be made using this security context', and provided a local user name and password.
b.. The remote database is set to Trustworthy.
c.. I have tried every combination of WITH Execute As on the remote stored procedure but nothing works.
d.. I can query against the remote database successfully within Management Studio. I can even execute the remote stored procedure successfully from within M.S., but not from within my local stored procedure when it is run.
Thank you for your help on this - Amos.
Error 15274: Access To The Remote Server Is Denied Because The Current Security Context Is Not Trusted.
Sep 12, 2007Hi,
I have a stored procedure servicing a queue (sql 2005).
The stored procedure updates some data in a different server and database.
If the queue contains messages and I execute manually the stored procedure, I don't have any problem at all.
However, if I set the queue to use the same stored procedure, it gives me the following error:
Error 15274: Access to the remote server is denied because the current security context is not trusted.
Any ideas?
Thanks,
Aron
Code Access Security Across Multiple Assembly Security Extension
Oct 14, 2005Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies View RelatedRemote Access Server Configuration Option And Remote Query Timeout?
Jun 2, 2015- When I disable "allow remote connections to this server" from server properties>connection page, I can still remotely connect to the server from SSMS...so what is the impact of enable/disabling it?
- what is the impact of changing the remote query timeout (on the same page) from default value?
Windows Update Concerns For A SQL Server
Jan 10, 2008Is there anything special that I need to worry about in regards to Windows Updates on SQL Servers? I do not have a good development environment yet so testing them first really isn't feasable. (This is going to change very soon. I'm just waiting on a fiber card so I can connect the Dev server to a RAID.) The SQL Servers are pretty far back in regards to MS updates so I want to make sure I won't do any damage to the DBs or SQL Server itself. The first update that I am going to install is Windows Server 2003 Service Pack 2.
Thanks.
Remote View Security
Oct 21, 2007We have a Foxpro database on our local machine and a shared sql server database on our remote machine. We have created a remove view that updates or inserts data into the sql server db using the local foxpro data.
What is the recommended way to secure these updates or inserts? We're worried that since our data is not encrypted, it is a security risk.
Thanks in advance.
Basic Security Question For Remote App
May 1, 2007I'm designing a C# winforms app that will be used by 500 customers/companies. The customers will use the app to edit data for their company on the remote SQL Server. What's the best way to manage security in terms of logins/passwords? Should each user have a different login? (probably not) Or should the application have it's own login/password that is encrypted and the user never knows what the login/password is?
Also, is it necessary to use Web Services for this application? Any other thoughts/comments are very welcome.
Newbie To Remote SQL 2005 Express - Need Roles/security Advice
Aug 30, 2006Hi,I'm
building an asp.net website using web developer express and I have a
SQL 2005 express install on the same machine. Using windows security,
everything works fine for development.Now I need to get it working at the client site, where the web server and SQL 2005 Express are on different machines.I'd
tried using windows authentication but that didn't work, probably
wasn't doing it correctly. I'd like to try SQL Authentication, at least temporarily, since I
can replicate that on my laptop at home easily I think.I created a new SQL login but was really baffled by the screens showing roles and schemas, etc. There's so many roles to choose from and wasn't sure if this new login needed to own any schemas. I
did turn on remote connections and mixed-mode authentication, the
probably now is my asp.net membership provider login page isn't
authenticating correctly, maybe my permissions are wrong on the
aspnet_..... tables for users, roles, profiles, etc. Any advice?thanks,Bruce
MS Access Security
Jan 3, 2006Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
Security Access
Aug 24, 2006I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
How To Access The DB With Integrated Security
May 11, 2007Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
SQL Server Access/Security
Aug 22, 2001In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
SQL 7 Security And Access 97 Front End
Jan 26, 2001I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
Microsoft Access Security
Jan 20, 2004I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
Security With Web-based Access
Jul 20, 2005First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?
View 7 Replies View RelatedSecurity - Admin Access
Mar 22, 2007How do I grant admin access to a windows account withou having them a part of the administrators group...
I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?
Thanks
Chris
MS Access - Security Timestamp.
Mar 27, 2007I need a simple way of capturing who updated what in an Access database.
User wants to know for each field in each table.
I think it's to much for Access to handle.
Any ideas?
A.
Please Help With Remote SQL Access
Jul 22, 2005Hi
I have a web application and SQL database on separate SQL 2000 server. I have no admin rights to these servers.The ISP gave me a VPN connection and password to manager my database.If i run the application from my home computer WITH the VPN connected the application works fine.However if i disconnect the VPN or try to run the application from the remote server i get this error:SQL Server does not exist or access deniedI have researched this problem extensively and CANNOT find a solution. The application and SQL 2000 database server are on different computers. The SQL user id and password are different from the VPN connection's.My web config looks like this:<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="mappedname" value="username"/>
<add key="mappedkey" value="password"/>
</appSettings>
<system.web>
<globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
And the application connection string is as follows:Dim usersql As String = System.Configuration.ConfigurationSettings.AppSettings("mappedname")
Dim passsql As String = System.Configuration.ConfigurationSettings.AppSettings("mappedkey")
connectionString = "data source=xxx.xxx.xxx.xxx;initial catalog=databasename;"
connectionString &= ";user id=" & usersql
connectionString &= ";password=" & passsql
I am obviously missing something. Not sure what or how to pass the permissions on properly.Can some kind soul please help me with this problemThank YouJeff
Remote Access
Oct 26, 2000How can I access Sql server via a remote access tools. I want to be able to use somekind of software to be able to work on a server as if I am physically there. I would appreicate your input about this issue.
Ali
Cannot Access The Security Page In ASP.Net Configuration
Mar 9, 2007Hi,
Im developing an application in Visual Web Developer with an MS SQL Server Database.
I have Visual Web Developer Express edition installed on my machine and i had MS SQL Server 2005 Express Edition and everything was fine.
However i need to use SQL Server Agent to develop a job and this is not included in the express Edition of Ms SQL Server 2005 Express Edition.
So i installed the 2005 developer edition of MS SQL Server.
Now Im currently getting the following error when i access the security page in the ASP.Net Configuration page
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
Anyone tell me how i can fix this error?
Security Access Permissions To Run Job (Urgent)
Jun 22, 2000What kind of permissions do you need to be able to run a job created by another user or sa if you are not the job owner and don't have any sys admin priveldges??
View 1 Replies View RelatedIIS Access To SQL Server With Trusted Security
Dec 7, 2000Does anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.
Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.
We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).
Any help would be really appreciated.
Thanks
Need Access-like Security Of SQL Server Express
Jun 8, 2007Is there a way to implement Access-like password protection on a SQL Server Express dataset?
The database will be deployed on individual's PCs with no centralization of control. I want to restrict users from being able to see table definitions, stored procedures, etc. Access-like password protection is what I want, but I don't see any similar feature within SQL Server Express. Am I missing something?
Basic Security Differences Between SQL And Access
Jan 16, 2008Ok, I know it's a really basic question but I'm hoping someone will humor me. Not being a database expert I am wondering what the basic security differences are between a SQL server db and an Access db. What makes SQL a more secure choice for confidential information over Access.
I know from a useability SQL is the better choice being a multiuser access platform but I am not familar with security mechanisms employed.
I appreciate any info on this.
Thank you.
SQL Express On Vista - No Security Access.
Jan 17, 2008I installed SQLE 2005 on vista home prem, and when I go to the studio and attempt to create a database, I get the message below. I am running under an admin account, but the system sees me as a standard user.
Do I need to re-install and tell the system to allow me to log on via. an ID/PW?
Is there a vista patch?
Should I re-install XP?
Also, not having this issue with the same SQLE version and an XP machine.
Thanks
TITLE: Microsoft SQL Server Management Studio Express------------------------------Create failed for Database 'test'. (Microsoft.SqlServer.Express.Smo)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Database&LinkId=20476------------------------------ADDITIONAL INFORMATION:An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)------------------------------CREATE DATABASE permission denied in database 'master'. (Microsoft SQL Server, Error: 262)For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.3042&EvtSrc=MSSQLServer&EvtID=262&LinkId=20476------------------------------