RSA Archer data feed uses plaintext password - archer

RSA Archer, version 6.4 SP1 P2.
I use Database Query Transporter for Oracle DB. I configured ODBC Data Provider with a connection string:
Driver={Oracle in instantclient_19_3};Dbq=my_id;Uis=my_username;Pwd=my_password;
It works, but I hate to have my password in plaintext. Especially that below Connection String, there are dedicated fields for User Name and Password. But for some reason Archer doesn't use it. How can I force Archer to use data from those fields?
I don't use Instant Client, because I don't have rights to install package the Microsoft Visual Studio 2017 Redistributable on the web server.
I'm open to any suggestion.

Diodak, fill out the username and password fields and in the connection string use the following:
Driver={Oracle in instantclient_19_3};Dbq=my_id;Uis={username};Pwd={password};
Archer will insert the values from the those fields into the connection string when the connection is made to the database server.

Related

How to set user Windows password in SQL Server

I am using SSMS to interact with a database I have locally on my PC. I also have a software to create reports about data in the database, but first of all I have to connect the software to the SQL Server database.
I'm logging into the database using Windows authentication (credentials WindowsDomain\username) which is my PC name and Windows username. At the beginning I didn't set a password and it connected successfully.
But to connect the software to the database, I have to fill in different fields such as Host Name, Port Number, Database Name, User, Password. I can't leave empty the Password field even if I don't have one, so I need to set a password for my Windows username : OK easy, I just have to set the password account in the Control Panel..
I restart my PC and check if I need to fill the password, now, in SQL Server.. But it still connects without any password, the software does not connect the database with that password, and in SQL Server I can't solve it with a query (alter login on my username), error :
Cannot use parameter PASSWORD for a Windows login.
How can I set a password for this user name ? Or maybe to create a new one with SQL Server authentication or Windows authentication, it's the same for me...
If you are trying to use password with Windows Authenticationthat is not a correct way and also imposible because Windows AuthenticationLogin is different from SQL Login.
In Windows Authentication you don't have a password because Windows tells SQL that I trust this user(who is loged in on this computer) so you can trust him

Cannot access Azure SQL database

I am having trouble accessing my Azure SQL database. I Have whitelisted my ip address(using 'what is my ip' in google to find it) The connection string in the azure portal is -
Driver={SQL Server Native Client
10.0};Server=tcp:nrmuolxpqg.database.windows.net,1433;Database=databasename;Uid=username#nrmuolxpqg;Pwd={your_password_here};Encrypt=yes;Connection
Timeout=30;
What do I put into the Migration Tool, or into visual studio as the connection properties? In particular what to do with the 'tcp' at the starte of the server string?
The fields I need to fill in are:
-Server name (do I need to put tcp or the port number in here? )
-Login
-password - (this is my windows account password right? )
-Database
The only thing you need to change is the username and password. This is something you specified when you created the server. It's not the same as your Windows username and password.
If you forgot the password, you can reset following these instructions, Password reset for Azure database.
EDIT 06/20/2018 - Finding the username
If you forgot your username, you can find it by clicking the Show database connection strings link in the Essentials window.
The ADO.NET connection string will not show the username but any of the other examples will.
Here are a few additional things you can try to resolve connection issues.
Try pinging the server. The server doesn't respond to the request but the name should be resolved to an IP address.
Verify that your client IP address has been added as a firewall rule.
Make sure you are using the correct connection string (in your question you are using the ODBC connection string, you might want to try the ADO.NET one). Also double-check that you use the correct username and password.
To connect from Visual Studio, add a connection from the Server Explorer window using the server name and login info as shown below. Obviously you have to change the server name and login info to match you specifics. I'm connecting to a database called StackDemo in the below screenshot.
If you still can't connect, there might be an issue where your company's or personal firewall is blocking the connection.

Remote Data Access: the user is not associated with a trusted SQL Server connection

I have read all the related posts here and many other discussions on other forums, but still cannot solve my problem.
I am porting a SQL Server CE application from a WindowsCE device to Win 7. The code of interests is to remotely download a table from SQL Server database using SqlCeRemoteDataAccess.Pull.
The original code on WinCE device is as follows:
SqlCeRemoteDataAccess.Pull(Tablename, sql, _remoteConnectionString, RdaTrackoption.TrackingOffWithIndexes, "ErrorTable")
When running on Win7 from Visual Studio 2012, it complains:
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
I double checked both my local and remote databases. They are not corrupted. Then I searched the Internet and this forum, and tried the suggested solution: changing the connection string from:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;
To:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Now I got:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I also added Trusted_Connection=Yes or Trusted_Connection=True to the above connection string and saw the identical error. Any suggestions ? Thank you.
NOTE: The server is already set to mixed mode: both Windows and SQL Server authentication.
NEW updating: I am using C# for programming both for the device and on Win7. The remote data server agent is in sqlcesa30.dll (Microsoft SQL Server Compact Edition Server Agent 3.0). The followings are connection strings used and error messages I got:
(1) Original one that Works on WinCE devices, but on Win 7 I got:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
(2) On Win 7 I got:
Provider=PROVIDER;Data Source=Src;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
(3) On Win 7 I got:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
You cannot have both the Integrated Security=SSPI; and User ID=SUser;Password=1234 in a connection string at once. Pick one:
either use the integrated security (recommended) to use your current credentials - but then you must remove the UserID=...;Password=.... parts from the connection string
or then you use a specific user and password - and in this case, adding integrated security or trusted connection is moot since the UserID=...;Password=... settings will be used
So in your case, if you have properly set up integrated security, just use:
Data Source=Src;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
as your connection string.

Prevent man-in-the-middle attacks on ssms to SQL Server Connection

I'm connecting to a SQL Server instance in a shared environment using SQL Server Management Studio. I don't want to take the hosting service's word so I'd like to find a way to discover whether all communications are encrypted. Especially the password, since it seems from this answer that sometimes it's sent in plaintext and sometimes not (I've been trying to use Microsoft Network Monitor to find out if it's encrypted but haven't been successful yet.)
Even if the password is encrypted, what if someone uses the connection (as a man-in-the-middle) to enter his own data into the database? (I'm more worried about that, though reading from the database is also a problem, of course.)
So, to sum up, how can I force a secure connection or at least discover whether one is present, when I don't have administrator's privileges on the database?
SQL Server client drivers offer the ability to require encryption and also verify that the certificate on the SQL Server comes from a trusted provider. Most drivers for SQL Server (JDBC, ODBC, .NET client, etc) have these settings.
More information can be found here: https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx

Error 24 Username and/or password invalid

I have two instances of IBM Informix Database on a HP-UX UNIX box. One instance is for test and the other instance is our live database. The test instance is a copy of the live instance and the usernames and passwords are identical for the two databases. When I connect to the test instance in Visual Studio 2010 using a drda connection string the connection is successful. When I connect to the live instance with the same username and password the connection fails with this error:
ERROR [08001] [IBM] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001.
The test connection string is:
Database=companydb;User ID=dbuser;Password=********;Server=dbserver:1403;Persist Security Info=True
The live connection string is:
Database=companydb;User ID=dbuser;Password=********;Server=dbserver:1402;Persist Security Info=True
The only difference between the two connection strings is the port number.
I have searched the IBM website (nightmare) with no luck.
I have installed IBM Data Server Driver Package - IBMDBCL1, IBM Database Add-Ins for Visual Studio and ClientSDK 3.70 (4.1 doesn't support Visual Studio Add-Ins).
The error is misleading little bit: you just unable to connect. As you know Informix doesn't manage users password: the username and password is inherited from operating system user under which Informix is installed. The simplest way is to install both instances under 2 different operating system users and use different ports. When you able to connect with dbaccess to your DB's under 2 this users you will not have this error.