Empty Column: select

Showing posts with label select. Show all posts

Tuesday, March 27, 2012

Encryption of SQL Queries

Hi.

I am running SQL select queries over a network from a SQL Server to a mySQL server by creating a linked server.

I need data to be encrypted (nothing heavy), but some form of encryption over the network as it exits the firewall.

Any help appreciated.

Karloi'm no expert with sql server. but i am pritty good with using Windows networking. i think in this case you might wanna check out IPSec deployment. it would be the most secure option. the Windows 2003 site has alot of docs on ipsec. also to some extent i think ssl might work too but i'm not sure|||

Karlo S wrote:
Hi.
I am running SQL select queries over a network from a SQL Server to a mySQL server by creating a linked server.
I need data to be encrypted (nothing heavy), but some form of encryption over the network as it exits the firewall.
Any help appreciated.
Karlo

Natively with SQL you can utilise certificates to achieve this, or indeed IPSec if your mySQL server supports it, and if both servers were SQL 2005 MS might suggest using HTTP endpoints.
However you mentioned firewalls, and I would recommend that you implement a firewall to firewall VPN between your network and the destination network containing the mySQL. This simpifies things greatly, and requires no config on either database server.

Encryption of SQL Queries

Hi.

I am running SQL select queries over a network from a SQL Server to a mySQL server by creating a linked server.

I need data to be encrypted (nothing heavy), but some form of encryption over the network as it exits the firewall.

Any help appreciated.

Karlo S wrote:
Hi.
I am running SQL select queries over a network from a SQL Server to a mySQL server by creating a linked server.
I need data to be encrypted (nothing heavy), but some form of encryption over the network as it exits the firewall.
Any help appreciated.
Karlo

Sunday, March 11, 2012

Encrypt/decrypt MS SQL 2005

hi guyz!! is it posible to ecnrypt data everytime i insert it to a table and decrypt it everytime I select it using the MS SQL 2005 alone?

like for example i have this query statement below

insert username,password users values ('daimous','my_password')

what i want is every time i insert a value to the password column that value should be encrypted first.

select username,password from users

everytime i select the value of the password column should decrypted.
Thanks in advance!!!Passwords should never need to be decrypted.

The standard method of handling them is to store the encrypted value in the database. When a user logs in, the password they submit is encrypted using the same algorithm and compared to the stored encrypted value.

Passwords can thus use one-way encryption algorithms, which are more secure than two-way algorithms.

If you would like a function for one-way password encryption, I can post one for you.|||SQL 2005 comes with two functions "EncryptByKey" and "DecryptByKey". If you have BOL installed on your machine, look over this article:
ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/udb9/html/38e9bf58-10c6-46ed-83cb-e2d76cda0adc.htm|||how can i check is BOL is installed in my sql server?|||Query Analyzer/help.

And it should be in your Windows Start menu as well.|||Does SQL Express 2005 edition has it?|||Dunno. But here it is on Microsoft's site, and I'm sure you can download it somewhere. I downloaded 2005's Books Online.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_ga-gz_4z51.asp|||I've already got an idea on how to encrypt data by using the EncryptByKey but when i try to decrpyt it using the DecryptByKey it doesn't return the original text. I've already posted that problem HERE (http://www.dbforums.com/showthread.php?t=1606236). COuld anyone help me on this..thanks!!!

encrypt/ decrypt fields or VB function "StrReverse".

I need to encrypt some fields on insert/ update and decrypt on select.
I have developed a function in visual basic but I need it to be a SQL Server
function. Is there any built-in functions availables to encrypt/ decrypt
fields or a substitution to visual basic's function "StrReverse" .
Kind regards
Khurram ButtThe REVERSE function in T-SQL is equivalent to the StrReverse function
from Visual Basic.
In SQL Server 2000, there are some undocumented functions for one-way
encryption of passwords (and other similar data): pwdencrypt and
pwdcompare. See this page (for example):
http://weblogs.asp.net/bdesmond/arc...8/15/24177.aspx
In SQL Server 2005, things are much better: there are functions for
encryption and decryption (using symmetric or asymmetric keys) and also
for digital signing.
Razvan|||No there are no such built-in functions in SQL Server 2000, probably you
have to handle this in your VB application or by creating extended stored
procedures.
"Khurram Shahzad" <Khurram.Shahzad@.360training.com> wrote in message
news:eFFHjbXrFHA.1236@.TK2MSFTNGP10.phx.gbl...
>I need to encrypt some fields on insert/ update and decrypt on select.
> I have developed a function in visual basic but I need it to be a SQL
> Server function. Is there any built-in functions availables to encrypt/
> decrypt fields or a substitution to visual basic's function "StrReverse" .
> Kind regards
> Khurram Butt
>

Friday, March 9, 2012

Encrpyt

Mex
"David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
news:1175523112.383268.101970@.b75g2000hsg.googlegr oups.com...
> On 2 Apr, 13:53, "Meelis Lilbok" <meelis.lil...@.deltmar.ee> wrote:
> Do you really want to return "crap" to some users? I suspect not. I
> think your real requirement is to deny user access to data certain
> data. You can do that using GRANT / DENY and no encryption is
> required.
> Encryption is not a substitute for data access control.
> --
> David Portas, SQL Server MVP
> Whenever possible please post enough code to reproduce your problem.
> Including CREATE TABLE and INSERT statements usually helps.
> State what version of SQL Server you are using and specify the content
> of any error messages.
> SQL Server Books Online:
> http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
> --
>
|||Hi
"Redivivus" wrote:

> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad code
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
> sry my english is not very good

> Mex
>
Hari has suggested using SQL 2005 encryption features, but you have not said
if you are using SQL 2005!
If you have left yourself vulnerable to SQL Injection attacks then the
hacker may be able to find out what encryption keys are being used or in a
worse case if the victim procedure has opened the keys he may still be able
to see the data through the injection anyhow. This could apply to any method
of server based encryption, you may want to read
http://blogs.msdn.com/lcris/archive/2006/11/30/who-needs-encryption.aspx
Part of your solution should be to make sure that all code is reviewed and a
coding standards implemented and maybe justification should be required when
it is necessary to use dynamic SQL. You may want to read the following
http://www.sommarskog.se/dynamic_sql.html#good_practices
HTH
John
|||On 2 Apr, 17:01, "Redivivus" <meelis.lil...@.deltmar.ee> wrote:
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad code
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
>
You are mistaken. If you allow arbitrary code execution through SQL
injection then anything could be possible within the security context
of the connection. If the authentication layer for your encryption
(password, certificate or some other method) is compromised as a
result then your encryption is worthless. Encryption is no substitute
for controlling data access.
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
|||"Redivivus" <meelis.lilbok@.deltmar.ee> wrote in message
news:ew3rnAUdHHA.1080@.TK2MSFTNGP02.phx.gbl...
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad
> code and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
Sure they can. Because if you have programmers that bad, you'll also do
encryption that poorly.
Ok, granted, I do agree that some encryption is a good idea, but I'd spend
more time with better hiring. :-)
Note, regardless, you still do NOT want to encrypt every column. You really
can't get performance that way. (as in you'll get NONE).

> sry my english is not very good

> Mex
>
> "David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
> news:1175523112.383268.101970@.b75g2000hsg.googlegr oups.com...
>
Greg Moore
SQL Server DBA Consulting Remote and Onsite available!
Email: sql (at) greenms.com http://www.greenms.com/sqlserver.html

Encrpyt

Mex
"David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
news:1175523112.383268.101970@.b75g2000hsg.googlegroups.com...
> On 2 Apr, 13:53, "Meelis Lilbok" <meelis.lil...@.deltmar.ee> wrote:
> Do you really want to return "crap" to some users? I suspect not. I
> think your real requirement is to deny user access to data certain
> data. You can do that using GRANT / DENY and no encryption is
> required.
> Encryption is not a substitute for data access control.
> --
> David Portas, SQL Server MVP
> Whenever possible please post enough code to reproduce your problem.
> Including CREATE TABLE and INSERT statements usually helps.
> State what version of SQL Server you are using and specify the content
> of any error messages.
> SQL Server Books Online:
> http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
> --
>|||Hi
"Redivivus" wrote:

> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad co
de
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
> sry my english is not very good

> Mex
>
Hari has suggested using SQL 2005 encryption features, but you have not said
if you are using SQL 2005!
If you have left yourself vulnerable to SQL Injection attacks then the
hacker may be able to find out what encryption keys are being used or in a
worse case if the victim procedure has opened the keys he may still be able
to see the data through the injection anyhow. This could apply to any method
of server based encryption, you may want to read
http://blogs.msdn.com/lcris/archive...encryption.aspx
Part of your solution should be to make sure that all code is reviewed and a
coding standards implemented and maybe justification should be required when
it is necessary to use dynamic SQL. You may want to read the following
http://www.sommarskog.se/dynamic_sq...#good_practices
HTH
John|||On 2 Apr, 17:01, "Redivivus" <meelis.lil...@.deltmar.ee> wrote:
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad co
de
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
>
You are mistaken. If you allow arbitrary code execution through SQL
injection then anything could be possible within the security context
of the connection. If the authentication layer for your encryption
(password, certificate or some other method) is compromised as a
result then your encryption is worthless. Encryption is no substitute
for controlling data access.
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--|||"Redivivus" <meelis.lilbok@.deltmar.ee> wrote in message
news:ew3rnAUdHHA.1080@.TK2MSFTNGP02.phx.gbl...
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad
> code and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
Sure they can. Because if you have programmers that bad, you'll also do
encryption that poorly.
Ok, granted, I do agree that some encryption is a good idea, but I'd spend
more time with better hiring. :-)
Note, regardless, you still do NOT want to encrypt every column. You really
can't get performance that way. (as in you'll get NONE).

> sry my english is not very good

> Mex
>
> "David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
> news:1175523112.383268.101970@.b75g2000hsg.googlegroups.com...
>
--
Greg Moore
SQL Server DBA Consulting Remote and Onsite available!
Email: sql (at) greenms.com http://www.greenms.com/sqlserver.html

Encrpyt

Hi
What is the best method to encrypt data in tables?
Lets say if special program or user calls select * from names
then all data is visible and normal, but all athers get "crap" with select *
from names
;)
Best Regards;
MexHello,
Take a look into Symmetric or Asymmetric encryptions in SQL 2005.The below
URL details various encryption methods and algorithems
which is available in SQL Server.
http://www.microsoft.com/technet/itshowcase/content/sqldatsec.mspx
Thanks
Hari
"Meelis Lilbok" <meelis.lilbok@.deltmar.ee> wrote in message
news:uNYS7XSdHHA.4344@.TK2MSFTNGP02.phx.gbl...
> Hi
> What is the best method to encrypt data in tables?
> Lets say if special program or user calls select * from names
> then all data is visible and normal, but all athers get "crap" with select
> * from names
>
> ;)
> Best Regards;
> Mex
>|||On 2 Apr, 13:53, "Meelis Lilbok" <meelis.lil...@.deltmar.ee> wrote:
> Hi
> What is the best method to encrypt data in tables?
> Lets say if special program or user calls select * from names
> then all data is visible and normal, but all athers get "crap" with select *
> from names
>
Do you really want to return "crap" to some users? I suspect not. I
think your real requirement is to deny user access to data certain
data. You can do that using GRANT / DENY and no encryption is
required.
Encryption is not a substitute for data access control.
--
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--|||let me explain what i want
this "encrpyt" function is needed for web application.
lets say, we have a bad/lazy programmer in our comapny;). he writes bad code
and hackers can use sql injection attack
to get data from database.
when data is encrypted even with sqlinjection hackers can't get sensitive
data.
sry my english is not very good :)
Mex
"David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
news:1175523112.383268.101970@.b75g2000hsg.googlegroups.com...
> On 2 Apr, 13:53, "Meelis Lilbok" <meelis.lil...@.deltmar.ee> wrote:
>> Hi
>> What is the best method to encrypt data in tables?
>> Lets say if special program or user calls select * from names
>> then all data is visible and normal, but all athers get "crap" with
>> select *
>> from names
> Do you really want to return "crap" to some users? I suspect not. I
> think your real requirement is to deny user access to data certain
> data. You can do that using GRANT / DENY and no encryption is
> required.
> Encryption is not a substitute for data access control.
> --
> David Portas, SQL Server MVP
> Whenever possible please post enough code to reproduce your problem.
> Including CREATE TABLE and INSERT statements usually helps.
> State what version of SQL Server you are using and specify the content
> of any error messages.
> SQL Server Books Online:
> http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
> --
>|||Hi
"Redivivus" wrote:
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad code
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
> sry my english is not very good :)
> Mex
>
Hari has suggested using SQL 2005 encryption features, but you have not said
if you are using SQL 2005!
If you have left yourself vulnerable to SQL Injection attacks then the
hacker may be able to find out what encryption keys are being used or in a
worse case if the victim procedure has opened the keys he may still be able
to see the data through the injection anyhow. This could apply to any method
of server based encryption, you may want to read
http://blogs.msdn.com/lcris/archive/2006/11/30/who-needs-encryption.aspx
Part of your solution should be to make sure that all code is reviewed and a
coding standards implemented and maybe justification should be required when
it is necessary to use dynamic SQL. You may want to read the following
http://www.sommarskog.se/dynamic_sql.html#good_practices
HTH
John|||On 2 Apr, 17:01, "Redivivus" <meelis.lil...@.deltmar.ee> wrote:
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad code
> and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
>
You are mistaken. If you allow arbitrary code execution through SQL
injection then anything could be possible within the security context
of the connection. If the authentication layer for your encryption
(password, certificate or some other method) is compromised as a
result then your encryption is worthless. Encryption is no substitute
for controlling data access.
--
David Portas, SQL Server MVP
Whenever possible please post enough code to reproduce your problem.
Including CREATE TABLE and INSERT statements usually helps.
State what version of SQL Server you are using and specify the content
of any error messages.
SQL Server Books Online:
http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
--|||"Redivivus" <meelis.lilbok@.deltmar.ee> wrote in message
news:ew3rnAUdHHA.1080@.TK2MSFTNGP02.phx.gbl...
> let me explain what i want
> this "encrpyt" function is needed for web application.
> lets say, we have a bad/lazy programmer in our comapny;). he writes bad
> code and hackers can use sql injection attack
> to get data from database.
> when data is encrypted even with sqlinjection hackers can't get sensitive
> data.
Sure they can. Because if you have programmers that bad, you'll also do
encryption that poorly.
Ok, granted, I do agree that some encryption is a good idea, but I'd spend
more time with better hiring. :-)
Note, regardless, you still do NOT want to encrypt every column. You really
can't get performance that way. (as in you'll get NONE).
> sry my english is not very good :)
> Mex
>
> "David Portas" <REMOVE_BEFORE_REPLYING_dportas@.acm.org> wrote in message
> news:1175523112.383268.101970@.b75g2000hsg.googlegroups.com...
>> On 2 Apr, 13:53, "Meelis Lilbok" <meelis.lil...@.deltmar.ee> wrote:
>> Hi
>> What is the best method to encrypt data in tables?
>> Lets say if special program or user calls select * from names
>> then all data is visible and normal, but all athers get "crap" with
>> select *
>> from names
>>
>> Do you really want to return "crap" to some users? I suspect not. I
>> think your real requirement is to deny user access to data certain
>> data. You can do that using GRANT / DENY and no encryption is
>> required.
>> Encryption is not a substitute for data access control.
>> --
>> David Portas, SQL Server MVP
>> Whenever possible please post enough code to reproduce your problem.
>> Including CREATE TABLE and INSERT statements usually helps.
>> State what version of SQL Server you are using and specify the content
>> of any error messages.
>> SQL Server Books Online:
>> http://msdn2.microsoft.com/library/ms130214(en-US,SQL.90).aspx
>> --
>
--
Greg Moore
SQL Server DBA Consulting Remote and Onsite available!
Email: sql (at) greenms.com http://www.greenms.com/sqlserver.html

Wednesday, March 7, 2012

Enabling SQL audit Logging for SELECT queries

Hi all,
We have a requirement in our project where we need to audit log any query
(SELECT queries inclusive) that are fired on a specific set of objects (Tabl
e
and views) in our database. We need to capture information like Who fired th
e
query, When and the actual query itself.
The approach we have thought of is:
Run SQL Profiler and log the output of the trace into a SQL table
Create an INSERT trigger on the SQL table.
Trigger should write data into a custom Audit table with limited information
.
However the di

vantages we see here are performance issues due to profiler
being run continuously, maintenance overhead to clear the SQL table where th
e
trace is written etc.
Can anyone suggest any other better alternative for this requirement?
Thanks
GSNot sure if it ius an option for you, but SQL 2005 contains DML
triggers which allow you to audit Select statements.
Markus|||How about using any of the 3:rd party tools put there? Check the log reader
tools, they tend to have
this support (possibly in special versions): http://www.karaszi.com/SQLServer/link
s.asp
These tools does use the transaction log to audit modifications and Profiler
to audit SELECT.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
Blog: http://solidqualitylearning.com/blogs/tibor/
"GS" <GS@.discussions.microsoft.com> wrote in message
news:6A359D6A-CCD1-4EC5-AEA2-C74C7F551971@.microsoft.com...
> Hi all,
> We have a requirement in our project where we need to audit log any query
> (SELECT queries inclusive) that are fired on a specific set of objects (Ta
ble
> and views) in our database. We need to capture information like Who fired
the
> query, When and the actual query itself.
> The approach we have thought of is:
> Run SQL Profiler and log the output of the trace into a SQL table
> Create an INSERT trigger on the SQL table.
> Trigger should write data into a custom Audit table with limited informati
on.
> However the di

vantages we see here are performance issues due to profil
er
> being run continuously, maintenance overhead to clear the SQL table where
the
> trace is written etc.
> Can anyone suggest any other better alternative for this requirement?
> Thanks
> GS
>

Sunday, February 26, 2012

enabling anonymous access to reports

enabling anonymous access

I'm developing an SSRS 2000 solution that will require allowing anyone in
the company to view certain reports but only a select few to create them
(while I administer the site).
I understand how to add users specifically (Windows NT logins) and assign
them roles, so I'm partway there. What I can't see is how to also enable
anonymous access, either generally or to specific reports or report folders.
If I turn anonymous access on in IIS for the Reports and/or Reportserver
folders, I lose the ability to administer the site. If I turn it off,
anonymous users can't get in. Security seems either black or white and I'm
looking for some shade of grey. I've tried numerous combinations of
settings and nothing has worked. I've added the server's IUSR account to
the SSRS solution but it didn't make any difference. Guest account is
disabled on the server.
What am I missing here? Is it an IAS problem? Note that IAS is on but not
registered in Active Directory for this server (IT is resisting enabling
that) so I hope that's not the problem here.
Thanks all,
Randall ArnoldYou don't have to do individual users. You can also use groups. Almost all
domains have a group that includes everybody (for instance a group called
Users). Just add this group to the browser roll.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158332996.554286@.xnews001...
> I'm developing an SSRS 2000 solution that will require allowing anyone in
> the company to view certain reports but only a select few to create them
> (while I administer the site).
> I understand how to add users specifically (Windows NT logins) and assign
> them roles, so I'm partway there. What I can't see is how to also enable
> anonymous access, either generally or to specific reports or report
> folders.
> If I turn anonymous access on in IIS for the Reports and/or Reportserver
> folders, I lose the ability to administer the site. If I turn it off,
> anonymous users can't get in. Security seems either black or white and
> I'm
> looking for some shade of grey. I've tried numerous combinations of
> settings and nothing has worked. I've added the server's IUSR account to
> the SSRS solution but it didn't make any difference. Guest account is
> disabled on the server.
> What am I missing here? Is it an IAS problem? Note that IAS is on but not
> registered in Active Directory for this server (IT is resisting enabling
> that) so I hope that's not the problem here.
> Thanks all,
> Randall Arnold
>
>|||We have a User group that I tried but no luck. But your general idea should
be sound so I'll keep digging, thanks.
Randall Arnold
"Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
news:eQh%23kfO2GHA.1040@.TK2MSFTNGP06.phx.gbl...
> You don't have to do individual users. You can also use groups. Almost all
> domains have a group that includes everybody (for instance a group called
> Users). Just add this group to the browser roll.
>
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
> news:1158332996.554286@.xnews001...
>> I'm developing an SSRS 2000 solution that will require allowing anyone in
>> the company to view certain reports but only a select few to create them
>> (while I administer the site).
>> I understand how to add users specifically (Windows NT logins) and assign
>> them roles, so I'm partway there. What I can't see is how to also enable
>> anonymous access, either generally or to specific reports or report
>> folders.
>> If I turn anonymous access on in IIS for the Reports and/or Reportserver
>> folders, I lose the ability to administer the site. If I turn it off,
>> anonymous users can't get in. Security seems either black or white and
>> I'm
>> looking for some shade of grey. I've tried numerous combinations of
>> settings and nothing has worked. I've added the server's IUSR account to
>> the SSRS solution but it didn't make any difference. Guest account is
>> disabled on the server.
>> What am I missing here? Is it an IAS problem? Note that IAS is on but
>> not
>> registered in Active Directory for this server (IT is resisting enabling
>> that) so I hope that's not the problem here.
>> Thanks all,
>> Randall Arnold
>>
>|||What I do that simplifies things for me is I create a local group (called
something like Reports). I then add the domain groups and users to it. I
then use this local group to add to a role.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
news:1158362815.849245@.xnews001...
> We have a User group that I tried but no luck. But your general idea
> should be sound so I'll keep digging, thanks.
> Randall Arnold
> "Bruce L-C [MVP]" <bruce_lcNOSPAM@.hotmail.com> wrote in message
> news:eQh%23kfO2GHA.1040@.TK2MSFTNGP06.phx.gbl...
>> You don't have to do individual users. You can also use groups. Almost
>> all domains have a group that includes everybody (for instance a group
>> called Users). Just add this group to the browser roll.
>>
>> --
>> Bruce Loehle-Conger
>> MVP SQL Server Reporting Services
>> "Randall Arnold" <randall.nospam.arnold@.nokia.com.> wrote in message
>> news:1158332996.554286@.xnews001...
>> I'm developing an SSRS 2000 solution that will require allowing anyone
>> in
>> the company to view certain reports but only a select few to create them
>> (while I administer the site).
>> I understand how to add users specifically (Windows NT logins) and
>> assign
>> them roles, so I'm partway there. What I can't see is how to also
>> enable
>> anonymous access, either generally or to specific reports or report
>> folders.
>> If I turn anonymous access on in IIS for the Reports and/or Reportserver
>> folders, I lose the ability to administer the site. If I turn it off,
>> anonymous users can't get in. Security seems either black or white and
>> I'm
>> looking for some shade of grey. I've tried numerous combinations of
>> settings and nothing has worked. I've added the server's IUSR account
>> to
>> the SSRS solution but it didn't make any difference. Guest account is
>> disabled on the server.
>> What am I missing here? Is it an IAS problem? Note that IAS is on but
>> not
>> registered in Active Directory for this server (IT is resisting enabling
>> that) so I hope that's not the problem here.
>> Thanks all,
>> Randall Arnold
>>
>>
>

Sunday, February 19, 2012

emtpy sysperfinfo table

Hello!
I am getting no records when querying sysperinfo table:
select * from master..sysperfinfo
This is production server running SQL2000 SP3 onWindows 2002 . I saw many
people asking the same question but didn't find a definite answer. As a
result, I do not see any of the SQL Server counters in the system monitor. I
am pretty much sure server was installed with performance counters.
Any advice would be greatly appreciated.
IgorCheck the following article as it very likely may apply to
the problems you are having - note the message that is
logged to the error log, that's one way to verify if it
applies in your case:
FIX: "Performance monitor shared memory setup failed: -1"
error message when you start SQL Server
http://support.microsoft.com/?id=812915
-Sue
On Tue, 23 Nov 2004 17:05:05 -0800, "Igor"
<imarchenko@.bowneglobal.com> wrote:
>Hello!
>I am getting no records when querying sysperinfo table:
>select * from master..sysperfinfo
> This is production server running SQL2000 SP3 onWindows 2002 . I saw many
>people asking the same question but didn't find a definite answer. As a
>result, I do not see any of the SQL Server counters in the system monitor. I
>am pretty much sure server was installed with performance counters.
> Any advice would be greatly appreciated.
>
>Igor
>|||Hello Sue,
I do not get error you mentioned in SQL Server error log. I also do not
think this case applies to my problem.
Thanks,
Igor
"Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
news:6mp7q0pfkrjmp7mfgb8gdn3k4t7lka5ti1@.4ax.com...
> Check the following article as it very likely may apply to
> the problems you are having - note the message that is
> logged to the error log, that's one way to verify if it
> applies in your case:
> FIX: "Performance monitor shared memory setup failed: -1"
> error message when you start SQL Server
> http://support.microsoft.com/?id=812915
> -Sue
> On Tue, 23 Nov 2004 17:05:05 -0800, "Igor"
> <imarchenko@.bowneglobal.com> wrote:
> >Hello!
> >
> >I am getting no records when querying sysperinfo table:
> >
> >select * from master..sysperfinfo
> >
> > This is production server running SQL2000 SP3 onWindows 2002 . I saw
many
> >people asking the same question but didn't find a definite answer. As a
> >result, I do not see any of the SQL Server counters in the system
monitor. I
> >am pretty much sure server was installed with performance counters.
> > Any advice would be greatly appreciated.
> >
> >
> >Igor
> >
>|||Your symptoms do point to the issue in the KB Sue mentioned. Usually when
you don't get the counters (which come from syserfinfo) and your
lastwaittype column in sysprocesses is always Misc you blew away the
counters. The short term solution is to stop anything that is monitoring
the counters and restart SQL Server.
--
Andrew J. Kelly SQL MVP
"Igor" <imarchenko@.bowneglobal.com> wrote in message
news:elohshc0EHA.3708@.TK2MSFTNGP14.phx.gbl...
> Hello Sue,
> I do not get error you mentioned in SQL Server error log. I also do not
> think this case applies to my problem.
> Thanks,
> Igor
> "Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
> news:6mp7q0pfkrjmp7mfgb8gdn3k4t7lka5ti1@.4ax.com...
>> Check the following article as it very likely may apply to
>> the problems you are having - note the message that is
>> logged to the error log, that's one way to verify if it
>> applies in your case:
>> FIX: "Performance monitor shared memory setup failed: -1"
>> error message when you start SQL Server
>> http://support.microsoft.com/?id=812915
>> -Sue
>> On Tue, 23 Nov 2004 17:05:05 -0800, "Igor"
>> <imarchenko@.bowneglobal.com> wrote:
>> >Hello!
>> >
>> >I am getting no records when querying sysperinfo table:
>> >
>> >select * from master..sysperfinfo
>> >
>> > This is production server running SQL2000 SP3 onWindows 2002 . I saw
> many
>> >people asking the same question but didn't find a definite answer. As a
>> >result, I do not see any of the SQL Server counters in the system
> monitor. I
>> >am pretty much sure server was installed with performance counters.
>> > Any advice would be greatly appreciated.
>> >
>> >
>> >Igor
>> >
>

Friday, February 17, 2012

Empty string

MyCol is a varchar(1) column.
SELECT MyCol + '.' FROM tbl
returns ' .' (space+dot), when MyCol contains empty string.
Why? How can I make it to return '.' (with no space)?
I use SQL Server 2000, default settings.
Thanks.First of all, why are you using varchar(1)? You're wasting an extra byte
per row for nothing... Use CHAR(1).
Second, how are you determining that the output is ' .'? Is this happening
client-side? I cannot reproduce what you're talking about, using the
following:
declare @.table table(blah varchar(1))
insert @.table values ('')
select len(blah + '.')
from @.table
Can you post code to reproduce your problem?
--
Adam Machanic
SQL Server MVP
http://www.sqljunkies.com/weblog/amachanic
--
"Vik" <viktorum@.==hotmail.com==> wrote in message
news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
> MyCol is a varchar(1) column.
> SELECT MyCol + '.' FROM tbl
> returns ' .' (space+dot), when MyCol contains empty string.
> Why? How can I make it to return '.' (with no space)?
> I use SQL Server 2000, default settings.
> Thanks.
>|||You can use any of LTRIM, REPLACE, SUBSTRING, STUFF, CASE, RIGHT or some
other string function to get this done. See the topic String functions in
SQL Server Books Online for details.
--
Anith|||>> Can you post code to reproduce your problem?
INSERT @.table SELECT SPACE(1) ;
--
Anith|||> when MyCol contains empty string.
What is your definition of an empty string? Can you show a repro? Like
Adam, I can't figure out whow you're doing this, unless you have a different
definition of "empty string" than I. I couldn't yield your result unless I
insert a space.
set nocount on
set concat_null_yields_null on
set ansi_padding off
create table #t(blah varchar(1))
insert #t values (SPACE(0))
insert #t values ('')
insert #t values (SPACE(1))
insert #t values (' ')
insert #t values (NULL)
select blah+'.', len(blah + '.') from #t
drop table #t
go
set concat_null_yields_null off
set ansi_padding off
create table #t(blah varchar(1))
insert #t values (SPACE(0))
insert #t values ('')
insert #t values (SPACE(1))
insert #t values (' ')
select blah+'.', len(blah + '.') from #t
drop table #t
go
set concat_null_yields_null on
set ansi_padding on
create table #t(blah varchar(1))
insert #t values (SPACE(0))
insert #t values ('')
insert #t values (SPACE(1))
insert #t values (' ')
insert #t values (NULL)
select blah+'.', len(blah + '.') from #t
drop table #t
go
set concat_null_yields_null off
set ansi_padding on
create table #t(blah varchar(1))
insert #t values (SPACE(0))
insert #t values ('')
insert #t values (SPACE(1))
insert #t values (' ')
select blah+'.', len(blah + '.') from #t
drop table #t
go
--
http://www.aspfaq.com/
(Reverse address to reply.)|||I believe the OP said it was an empty string?
--
Adam Machanic
SQL Server MVP
http://www.sqljunkies.com/weblog/amachanic
--
"Anith Sen" <anith@.bizdatasolutions.com> wrote in message
news:uoK1udCyEHA.1956@.TK2MSFTNGP14.phx.gbl...
> >> Can you post code to reproduce your problem?
> INSERT @.table SELECT SPACE(1) ;
> --
> Anith
>|||I asked for a definition of empty string. To me, that's SPACE(0), not
SPACE(1).
--
http://www.aspfaq.com/
(Reverse address to reply.)
"Adam Machanic" <amachanic@.hotmail._removetoemail_.com> wrote in message
news:#KGvagCyEHA.3400@.TK2MSFTNGP10.phx.gbl...
> I believe the OP said it was an empty string?
> --
> Adam Machanic
> SQL Server MVP
> http://www.sqljunkies.com/weblog/amachanic
> --
>
> "Anith Sen" <anith@.bizdatasolutions.com> wrote in message
> news:uoK1udCyEHA.1956@.TK2MSFTNGP14.phx.gbl...
> > >> Can you post code to reproduce your problem?
> >
> > INSERT @.table SELECT SPACE(1) ;
> >
> > --
> > Anith
> >
> >
>|||It appeared that MyCol contained a space instead of empty string. What
confused me was that LEN(MyCol) returned 0, when MyCol=' ' (one space).
So, a question is why LEN(' ') returns 0 and DATALENGTH(' ') returns 1?
Thanks.
"Vik" <viktorum@.==hotmail.com==> wrote in message
news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
> MyCol is a varchar(1) column.
> SELECT MyCol + '.' FROM tbl
> returns ' .' (space+dot), when MyCol contains empty string.
> Why? How can I make it to return '.' (with no space)?
> I use SQL Server 2000, default settings.
> Thanks.
>|||From BOL:
LEN
Returns the number of characters, rather than the number of bytes, of the
given string expression, excluding trailing blanks.
I agree, that can get confusing!
Adam Machanic
SQL Server MVP
http://www.sqljunkies.com/weblog/amachanic
--
"Vik" <viktorum@.==hotmail.com==> wrote in message
news:OSjkejCyEHA.4064@.TK2MSFTNGP10.phx.gbl...
> It appeared that MyCol contained a space instead of empty string. What
> confused me was that LEN(MyCol) returned 0, when MyCol=' ' (one space).
> So, a question is why LEN(' ') returns 0 and DATALENGTH(' ') returns 1?
> Thanks.
> "Vik" <viktorum@.==hotmail.com==> wrote in message
> news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
> > MyCol is a varchar(1) column.
> >
> > SELECT MyCol + '.' FROM tbl
> >
> > returns ' .' (space+dot), when MyCol contains empty string.
> > Why? How can I make it to return '.' (with no space)?
> >
> > I use SQL Server 2000, default settings.
> >
> > Thanks.
> >
> >
>|||Here is a reason to use VARCHAR(1) instead of CHAR(1): when ANSI_PADDING is
set on. CHAR(1) will store SPACE(0) as space, whereas VARCHAR(1) will store
SPACE(0) as an empty string.
Sincerely,
Anthony Thomas
"Adam Machanic" <amachanic@.hotmail._removetoemail_.com> wrote in message
news:OpZ3DaCyEHA.1452@.TK2MSFTNGP11.phx.gbl...
First of all, why are you using varchar(1)? You're wasting an extra byte
per row for nothing... Use CHAR(1).
Second, how are you determining that the output is ' .'? Is this happening
client-side? I cannot reproduce what you're talking about, using the
following:
declare @.table table(blah varchar(1))
insert @.table values ('')
select len(blah + '.')
from @.table
Can you post code to reproduce your problem?
--
Adam Machanic
SQL Server MVP
http://www.sqljunkies.com/weblog/amachanic
--
"Vik" <viktorum@.==hotmail.com==> wrote in message
news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
> MyCol is a varchar(1) column.
> SELECT MyCol + '.' FROM tbl
> returns ' .' (space+dot), when MyCol contains empty string.
> Why? How can I make it to return '.' (with no space)?
> I use SQL Server 2000, default settings.
> Thanks.
>|||"Adam Machanic" <amachanic@.hotmail._removetoemail_.com> wrote in message
news:OpZ3DaCyEHA.1452@.TK2MSFTNGP11.phx.gbl...
> First of all, why are you using varchar(1)? You're wasting an extra byte
> per row for nothing... Use CHAR(1).
>
Originally MyCol was Char(1) and contained Nulls. Then it appeared that this
column should be used in a join, so I had to get rid of Nulls.
I also have a few Web pages (in ASP.NET) built in assumption that MyCol is
not blank. So, I decided to use Varchar(1) and an empty string for MyCol
instead of using a space and updating the queries or code with a Trim
function.
> Second, how are you determining that the output is ' .'? Is this
happening
> client-side? I cannot reproduce what you're talking about, using the
> following:
>
> declare @.table table(blah varchar(1))
> insert @.table values ('')
> select len(blah + '.')
> from @.table
>
> Can you post code to reproduce your problem?
> --
> Adam Machanic
> SQL Server MVP
> http://www.sqljunkies.com/weblog/amachanic
> --
>
> "Vik" <viktorum@.==hotmail.com==> wrote in message
> news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
> > MyCol is a varchar(1) column.
> >
> > SELECT MyCol + '.' FROM tbl
> >
> > returns ' .' (space+dot), when MyCol contains empty string.
> > Why? How can I make it to return '.' (with no space)?
> >
> > I use SQL Server 2000, default settings.
> >
> > Thanks.
> >
> >
>|||Is your database set to a compatibility level of 65, perhaps? SQL
Server 6.5 could not store an empty string, if I recall correctly.
Otherwise, how do you know MyCol is empty? This behavior will result if
MyCol contains the value ' '. You can try rtrim(MyCol) to trim any
trailing spaces, but it would be best to find out what is going on.
Steve Kass
Drew University
Vik wrote:
>MyCol is a varchar(1) column.
>SELECT MyCol + '.' FROM tbl
>returns ' .' (space+dot), when MyCol contains empty string.
>Why? How can I make it to return '.' (with no space)?
>I use SQL Server 2000, default settings.
>Thanks.
>
>|||Vik wrote:
> It appeared that MyCol contained a space instead of empty string. What
> confused me was that LEN(MyCol) returned 0, when MyCol=' ' (one
> space).
> So, a question is why LEN(' ') returns 0 and DATALENGTH(' ') returns
> 1?
> Thanks.
> "Vik" <viktorum@.==hotmail.com==> wrote in message
> news:uHeX%23XCyEHA.352@.TK2MSFTNGP14.phx.gbl...
>> MyCol is a varchar(1) column.
>> SELECT MyCol + '.' FROM tbl
>> returns ' .' (space+dot), when MyCol contains empty string.
>> Why? How can I make it to return '.' (with no space)?
>> I use SQL Server 2000, default settings.
>> Thanks.
Use DATALENGTH() for the real stored length.
create table #testing(col1 varchar(1))
insert into #testing values (space(1))
select len(col1) as 'len', datalength(col1) as 'datalength'
from #testing
len datalength
-- --
0 1
David Gugick
Imceda Software
www.imceda.com

Tuesday, March 27, 2012

Encryption of SQL Queries

Encryption of SQL Queries

Sunday, March 11, 2012

Encrypt/decrypt MS SQL 2005

encrypt/ decrypt fields or VB function "StrReverse".

Friday, March 9, 2012

Encrpyt

Encrpyt

Encrpyt

Wednesday, March 7, 2012

Enabling SQL audit Logging for SELECT queries

Sunday, February 26, 2012

enabling anonymous access to reports

enabling anonymous access to reports

enabling anonymous access to reports

enabling anonymous access

Sunday, February 19, 2012

emtpy sysperfinfo table

Friday, February 17, 2012

Empty string

Empty string

Empty string

Empty Column

Blog Archive

About Me