We can copy MDF and LDF files and paste them on other PC and easily attach it and view its contents!
I want to restrict that no one except me can easily attach my mdf files.
Encryption is not possible option for me. I am using SQL Server 2014 Express Edition.
You can use EFS, Encrypting File System, which is a windows feature. You will need to install a certificate for this under your account on the server. If anyone tries to copy or read the file and does not have permissions to the certificate, then they will get an error. Just be sure to grant the service account for the database engine access to the certificate or your database will not be usable until you do. I would recommend testing this before implementing.
Related
I am running a file upload process to upload files to a db. The web server and the SQL server are different machines. I am attempting to use an SQL OPENROWSET to upload an excel file, but I cannot determine how to get the file onto the other machine. Is there a way to set up a shared drive that the web server can save a file to and the SQL server can access? We have a local network set up with Active Directory.
For Example:
WebServer - Shared drive on web server under C:/inetpub/webpage/fileImport
SQLServer - Will log in with sql auth using USERID and PASSWD. Needs to access webserver shared drive.
What user do I share the drive on web server with so that the sql auth user will be able to access it when I run the OPENROWSET?
Any help will be much appreciated.
I am also trying the same thing by uploading the file in FTP and trying to access it. But i didn't get any progress from last 2 weeks.
And i had found may other alternatives like coping the files in another server and share the folder with out user name & password. then we can able to access it by giving the
\\folder\filename
If u get any other alternative plz share...
You should setup a new user that has access to the user group iis_users, and then give them security access to the file drive itself.
The same should be done to the DB server, and on the drive folder security the other user will need read/write/Modify permissions.
So it will look like:
(WebHost) ---- (Shared) ---- (DBHost)
*-------*
Well, you would setup the folder on the SQLServer.
Create a secure user on the SQL machine.
Make the folder shared (with modify rights for the secure user)
Map the Network drive on the Windows machine, using the secure user to access it.
Your main user on the SQLServer should then be able to openrowset from the local folder, whilst the IIS Server is remotely accessing it.
Using the OPENROWSET means that SQL qill access files using the service account. This account must be used to access share drive, as stated here Using SQL Credential to Open a file with OpenRowSet.
I've successfully created site using Umbraco now its time to upload it on hosting server..
i've searched and got one paid product for the same..and i dont want to use it.
Has any body tried developing Umbraco site on local and then uploading it on server?
If yes then please help me doing that.
First I run the umbraco install from a local IIS website. Then I setup my visual studio solution for that website (and my souce control). Then I work, until I reach a beta version, then I go through this process for deploying:
Ftp over to the remove website and copy the whole website (I actually use Beyond compare).
Connect to my local database with management studio and create a .bak file.
Upload the .bak file to the database server.
Restore that database
Review connection strings in web.config
Then I'm pretty much done.
Once I'm "live" and have content I don't want to lose, when I want to work on the website, I bring back the live database through a .bak file, then I make my changes. They often include DB changes since the schema is basically in the database. I note all the operations I do. Once my changes are ready I manually replicate the changes on the live site as I update the files.
This is very painfull but I tried solutions like courrier and other things like that and they are not reliable enough for production I find. Manually is the only risk free way I see for the moment.
Hope this helps.
Yes, that happens all the time. Use FTP to copy your local installation to your webserver, modify the web.config to point to the correct database and your website should be up-and-running.
I'm sure there are more elegant solutions with less clicks but here's how I do it on azure websites with sql, not sure what hosting/db you're using:
1) Create an empty db on azure with the same login and user as my local db.
2) Create an empty site on azure connected to my db.
3) Download the publishing profile.
4) Upload the db the first time with Sql Azure Migration Wizard.
5) Import the publishing profile into and upload the site with WebMatrix.
6) Thereafter I deploy the site and db with WebMatrix.
WebMatrix uses WebDeploy or FTP, you can use WebDeploy through IIS if you like, and FTP.
I wish to ship SQL server database file with my application. I am very very new to SQL.
1) I do not know how to protect this file from being opened.
2) If this file is emailed, can anybody read it?
3) Is there any possibility of protecting it like Access database is password protected so even emailed, no one can open it.
Thanks
Furqan
Regular SQL Server database files (.mdf, .ldf) aren't intended to be shipped with your application and installed locally - they are intended to be used on a SQL Server instance, running in a secure environment where typical users don't have physical access to the files per se.
As such, .mdf/.ldf files cannot really be protected by a password or anything like that - you can define users and their permissions, but that only applies to the permissions inside the database - not the database file(s) itself.
For your scenario, I guess you'd be better off with SQL Server Compact Edition - an in-process (just a bunch of DLL's), one-file-for-your-entire-database (*.sdf) kind of database - much more closely an Access replacement than the full-fledged SQL Server.
The documentation clearly states:
SQL Server Compact Edition was
designed from the beginning assuming
the user had access to the physical
file. Without an additional security
mechanism, the user could bypass your
application and use tools such as
MSQuery to view and edit the raw data.
SQL Server Compact Edition supports
the ability to password protect and
encrypt the data file, thereby
limiting access to your application
which embeds the password. The
password protection of the database
file adds a layer of protection that
travels with the file, making it
harder to access the data in the event
a rogue user obtains the file.
Read more about SQL Server Compact 3.5 and you might also want to check out the SQL Server Compact blog which discusses the latest developments (SQL Server Compact 4.0 is in testing right now).
1) Assign a username and password to through SSMS or Enterprise Manager
2) No, because of [1]
3) Yes, because of [1]
Just to be doubly sure: take the database offline, zip encrypt .mdf file, and send it
If you ship it - than someone on the other end need to open and install it.
You can protect the file using zip software with password, and tell it to the other party on the phone.
1) Even if you protect it before it is added to the SQL server the user will be able to get into the database once it is loaded and running on the server.
2) Possible, but why would you want to email a database file?
3) When you email it you can add it to an archive with password, like a password protected zip file.
Does anyone know of a script or program that can be used for backing up multiple websites?
Ideally, I would like the have it setup on a server where the backups will be stored.
I would like to be able to add the website login info, and it connects and creates a zip file or similar that it would then be sent back to the remote server to be saved as a backup etc...
But it would also need to be able to be set up as a cron so it backed up everyday at least?
I can find PC to Server backups that a similar, but no server to server remote backup scripts etc...
It would be heavily used, and needs to be a gui so the less techy can use it too?
Does anyone know of anything similar to what we need?
HTTP-Track website mirroring utility.
Wget and scripts
RSync and FTP login (or SFTP for security)
Git can be used for backup and has security features and networking ability.
7Zip can be called from the command line to create a zip file.
In any case you will need to implement either secure FTP (SSH secured) OR a password-secured upload form. If you feel clever you might use WebDAV.
Here's what I would do:
Put a backup generator script on each website (outputting a ZIP)
Protect its access with a .htpasswd file
On the backupserver, make a cron script download all the backups and store them
We have SSIS package config files that contain DB encryption passwords or PGP encryption passwords. I came to the conclusion that there is no "silver bullet" solution for encrypting SSIS package config files like with web.config files ect.
Should we consider not using config files at all for SSIS packages and if so what other options do we have available for storing settings?
Encryption of configuration files are not handled by SSIS itself. You can use NTFS encryption and/or ACLs to control access to config files and contents. It beats learning and administering a new access/encryption mechanism, and nicely ties in to your AD efforts.
Another option is to store the configurations in a SQL table and use SQL security to control access, but most administrators seem to prefer file-based management.
Could you use a table for config storage and lock down access to it? Throw that database/log/backup in an EFS protected folder and the only people that could access would be SQL sysadmins/or authorized accts and whoever has access to decrypt efs with a recovery account and restore the database (domain admins?).
You could also use SQL 2005's native encryption and write your own procedure to access the data and then set the connection properties in a script task. I haven't done this, but theoretically it might work.
While storing configuration information in a database is a viable alternative, if you are stuck with XML configuration files (for a variety of reasons), you may try BI xPress Secure Configuration Manager or SSISCipherBoy (freeware, I am affiliated to this project). These two utilities answer your question precisely.