Secure Developer Access to SQL Server

My organization is running SQL Server 2008 and I currently access the database through a local copy of enterprise manager that connects to the db through the standard port (1433). I also us RDP to go the server directly at times. 
My organization just had an outside party conduct a security audit and we were dinged both for having an open port (and the fact that is was the default port) and also for using RDP.
Is there a more secure method to connect to a SQL Server DB for developoment than either RDP or through TCI/IP via an open port?
Thanks!

Hello,
I must agree with the responses so far.
My organization just had an outside party conduct a security audit and we were dinged both for having an open port (and the fact that is was the default port) and also for using RDP.
Security through obscurity won't help. If they were competent they would port scan (find the now different port) and check the service type. Just now you had to change all of your application connection strings. They will still ding you next time. For reference
this comes up in PCI compliance a good bit and every time I ask if they port scan and what the difference would be to which I get "it'd just not be on the standard port". So if I have the browser service running, it's going to do port translation for me and
it won't matter.
RDP access is needed to do *some* items. Even if you could use remoting through something such as powershell, wmi, etc, you'd still get dinged for that being open. They are going to "do an evaluation" and find as much as they can because they want it to
look good that they did something. You can challenge their results for security (I wouldn't in this case) and I often do when it's something petty that fills up line items. For example, I'd argue the port change, especially due to the change in all connection
strings needed and if browser is used for port translation then nothing changes except more work for you.
As others have already pointed out, your networking team should restrict access to the services through the inside firewall and (if no talking to other servers located elsewhere) should be completely blocked at the perimeter/outside firewalls.
To make it more secure you could use IPsec and then be super redundant and enforce encrypted connected through SQL Server. Obviously the firewall changes other and I have stated will help immensely more.
Sean Gallardy | Blog |
Twitter

Similar Messages

  • How can I develope a native mobile cross platform app that can access an SQL server.

    I would do it in html5 as a web app but I also need to access an SQL server and upload data(text) pictures from the camera and
    geolocation data etc.
    I've developed many web based applications, but this is this first attempt to integrate native device functions AND interact with an SQL database.
    So it would have to be able to use form data  then add a photo and geolocation and send everything to the database.
    A site with examples and/or tutorials would be nice.
    To make things worse, I'd also have to be able to work offline and re-sync when networks connections allow.
    If a native app would be too complex, then I was thinking I might be able to develope an app that gathers data then
    passes the info on to a browser to connect with the database.
    But as much as possible I don't want to have to swing back and forth between a browser and an app.
    Pete

    Here is a page a I bookmarked a while back to use jQUERY to access a php scripts sitting on a server that can then interact with the database in the usual way. This means that you will be able to use DW to create the usual HTML CSS and jQuery to make an interactive app.
    I havn't yet tried this but a quick look over the script looks good. Make sure you use php that sanitizes input.
    http://stackoverflow.com/questions/8246380/adding-a-database-to-jquery-mobile-site
    Let me know how you go.

  • What is the best NLS config to be near the ACCESS or SQL Server characters set

    Hi all,
    I am working with an Oracle for Windows.
    I have serious problems with my actual characters set.
    What is the best NLS config to be near the ms-Access or SQL Server characters set behavior ?
    For exemple :
    I have a table with city names
    I want to find the nearest >= city name of a given criteria. so i do this SQL
    SELECT Nom FROM TLCommune WHERE Nom >= 'LIMOGES' ORDER BY Nom, Pays, Dept, Insee
    This SELECT give this result under SQL plus worksheet (same via VB and ADO)
    Why the cities from krosno to Limerick are listed regarding on the WHERE clause Nom >= 'LIMOGES' ?
    NOM
    krosno
    La Manche et la Mer d'Irlande
    Laesv
    Lancashire
    Landes
    Lappi (Lappland)
    Latviya
    Legnica
    Leicester and Rutland
    Leipzig
    Leningrad
    NOM
    Leon
    Lirida
    Leszno
    Liberec
    Libiria
    Libye
    Limburg
    Limburg (Limbourg)
    Limerick
    LIMOGES <--------------------------------------- the city in the nom >= 'LIMOGES' in the SQL statement
    LIMOGES-FOURCHES

    Hi,
    Try these steps:-
    * Open the GUI of Root bridge
    Go to Security/SSID Manager/create SSid/map it to the radio
    * Under Client Authentication setting
    Check the box Open authentication with no Addition ..
    * Then click Apply
    * Go to Ecryption Manager page
    Under Ecryption Modes
    Select Cipher ---TKIP
    Under Encryption Keys
    Select Encryption Key 2 ------Don't put any key ... Leave the box blank and key size be 128bit
    Then click Apply
    * Come back to SSID Manager page
    Under Client Authenticated Key Management ..
    Select Key Management:- Mandatory
    Check the box:- WPA
    Under WPA Pre-shared Key:- Type atleast 8 character key..
    Click Apply:-
    * Then we need to repeat the same settings on Other bridge except the station role will be non-root.
    Now to troubleshoot...
    * First make Bridge are able to talk to each when there is on security setup
    * Set a simple Pre-shared Key ... example 1234567890 on both bridge .. Bridge will not associate if key mismatch..
    Hope this will work for you.

  • What are the different ways in accessing the SQL server from NWDS ?

    Hi Experts,
    Can anyone suggest the different ways for accessing the SQL server from NWDS.I also want to know whether any tool is available for accessing SQL server from Webdynpro java application in Netweaver development studio.
    I am currently using JDBC driver for accessing the SQL server from Webdynpro java application in NWDS.
    Regards,
    Krishna Balaji T

    Note - that no internet backup service has been proven to be safe and effective for backing up the iPhoto library - unless you personally have backup uyp an iPhoto library and restored it sucussfuly form one it should not be recommended - a large number of people have lost their photos trying it
    LN

  • Configure Synchronization Connections An error has occurred while accessing the SQL Server database

    Hi,
    i am getting following error message
    Central Administration --> Synchronization Connections
    An error has occurred while accessing the SQL Server database or the SharePoint Server Search service.
    If this is the first time you have seen this message, try again later. If this problem persists, contact your administrator.
    Central Administration -->  Manage Profile Service: User Profile Service Application --> Manage User Properties
    Error
    An unexpected error has occurred.
    Troubleshoot issues with Microsoft SharePoint Foundation.
    Correlation ID: 3bce5a11-f2dc-4788
    Please tell how to fix it.
    iffi

    Event ID 5555 -> i have change the Timer jobs recycling time AM to PM
    for  User profile page not display  number of count in the page first check services , connection , 
    IISRESET /NOFORCE   /  timer services restart 
    Deepesh Yevle MCTS

  • Accessing MS Sql Server with Java classes - problem connecting to socket

    I found an example at this location which uses java classes to connected to MS Sql Server.
    http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
    --bummer - it is a login location - so I will include the article
    Anyway, the example is using Websphere, but I am still on Jbuilder (will get wsad soon). So I planted the classes from the example in
    C:\Borland\JBuilder\jkd1.4\jre\lib\ext\...the classes
    Then I copied the code from the example to my jpx project and got an error that it could not connect to the socket. The only thing I changed in the code was the connection string:
    --original string from example:
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
    I was getting an error with the 2 argument version of DriverManager - and the second argument here was empty (properties argument). Here was my connection string:
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
    I am only using the 1 argument version of DriverManager. Note that the password=" is blank because my RnD workstation is standalone - no one accesses the sql server except me - so no password. I also left out the last semicolon I noticed. Any suggestions appreciated how I could fix this.
    Thanks
    source of article:
    http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
    iSeries 400 Tips:
    TIPS & NEWSLETTERS TOPICS SUBMIT A TIP HALL OF FAME
    Search for: in All Tips All search400 Full TargetSearch with Google
    PROGRAMMER
    Sample code: Accessing MS SQL Server database from the iSeries
    Eitan Rosenberg
    09 Mar 2005
    Rating: --- (out of 5)
    Nowadays with the help of Java the iSeries can be integrated with other databases quite easy. This tip shows you how. The code included here uses the free Microsoft driver that can be downloaded from here. (SQL Server 2000 Driver for JDBC Service Pack 3)
    If your SQL server does not include the Northwind Sample Database you can find it here.
    http://www.microsoft.com/downloads/details.aspx?familyid=07287b11-0502-461a-b138-2aa54bfdc03a&displaylang=en
    The download contains the following files:
    msbase.jar
    mssqlserver.jar
    msutil.jar
    Those files needs to be copied to the iSeries directories (/home/r_eitan/ExternalJARs).
    Here's the directory structure (on the iSeries) for this sample:
    /home/r_eitan/ExternalJARs - Microsoft files (msbase.jar,mssqlserver.jar,msutil.jar)
    /home/r_eitan/JdbcTest02 - My code (Main.java,Main.class)
    The Java code
    import java.sql.*;
    import java.io.*;
    class Main {
    * Connect to Microsoft SQL server and download file northWind.products as tab
    * seperated file. (products.txt)
    public static void main(String args[]) {
    try {
    PrintStream outPut = new PrintStream(new BufferedOutputStream(new FileOutputStream("products.txt")));
    Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
    //Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
    Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
    System.out.println("Connection Done");
    connection.setCatalog("northWind");
    String sqlCmdString = "select * from products";
    Statement statement = connection.createStatement();
    ResultSet resultSet = statement.executeQuery(sqlCmdString);
    ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
    int columnCount = resultSetMetaData.getColumnCount();
    // Iterate throught the rows in resultSet and
    // output the columns for each row.
    while (resultSet.next()) {
    for (int index = 1; index <=columnCount; ++index)
    String value;
    switch(resultSetMetaData.getColumnType(index))
    case 2 :
    case 3 :
    value = resultSet.getString(index);
    break;
    default :
    value = """ + resultSet.getString(index) + """;
    break;
    outPut.print(value + (index < columnCount ? "t" : ""));
    outPut.println();
    outPut.close();
    resultSet.close();
    connection.close();
    System.out.println("Done");
    catch (SQLException exception)
    exception.printStackTrace();
    catch (Exception exception)
    exception.printStackTrace();
    --------------------------------------------------------------------------------------------------

    My guess is that the server's host name isn't right. It necessarily (or even usually) the "windows name" of the computer. Try with the numeric IP address instead (type "ipconfig" to see it).
    First aid check list for "connection refused":
    - Check host name in connect string.
    - Check port number in connect string.
    - Try numeric IP address of server host in connect string, in case name server is hosed.
    - Are there any firewalls between client and server blocking the port.
    - Check that the db server is running.
    - Check that the db server is listening to the port. On the server, try: "telnet localhost the-port-number". Or "netstat -an", there should be a listening entry for the port.
    - Try "telnet serverhost the-port-number" from the client, to see if firewalls are blocking it.
    - If "telnet" fails: try it with the numeric ip address.
    - If "telnet" fails: does it fail immediately or after an obvious timeout? How long is the timeout?
    - Does the server respond to "ping serverhost" or "telnet serverhost" or "ssh serverhost"?

  • Is there any way of importing stuffs from Microsoft Access to SQL Server?

    I have quite a big store of information Microsoft Access DB, but now i am required to switch to SQL Server?
    Is there any way of importing to SQL Server, either by Java programming or manually?
    Thank you in advance.

    I like to give some tips on how to fulfil the requirement.. I haven't tried this. If you succeeded, it is well and good.
    1) Using Java:
    If you like to Java to import the data from MS Access to SQL Server, you have to write a JDBC Program in such a way that it has to retrieve the data from each MSAccess tables and store it in temperory java varaible.After writng into the temp. varaibles, the same thing will be written into SQL Server. The whole process is repeated for all the tables in MS Access.
    2) Manual Process:
    Try to get the data scripts from MS-Access for all the tables and Load the same into SQL Server
    I hope that Manual Process consumes less time compared in writing the codes for transformation..
    I hope that you got some idea on reading this. If you have any doubts, try to get back to me..

  • MS Access querying SQL Server: How to configure Network ACL?

    I need to set up a highly restrictive ACL for access to a particular SQL server in our network.  This ACL will reside on our core switch at the "front door" of our network and permit access to the SQL server only using the ports that
    are necessary.  The purpose is to A) Try to keep unauthorized users from gaining access to the host server and B) Should someone somehow gain unauthorized access to the host server. keep them from being able to "hop off" to other PC's on
    the network. 
    The server will be accessed by clients using MS Access to query the SQL database and bring back reports.  A few admins are actually able to make minor changes to the database such as updating a user list or location list. In other words, both
    read and write access is needed to the SQL database.
    I know that the default SQL server port is 1433, but according to a Microsoft Support article I read, "client ports are assigned a random value between 1024 and 5000".
    I was really hoping I could just put something like "permit PC1 access to SQL Server on Port 1433" in my ACL, but after reading the MS Support article it sounds like I've got to allow almost 4,000 ports through?
    Could someone help demystify this for me so I can build the right ACL?

    The tool to use is SQL Server Configuration Management.
    But what you can configure is which port SQL Server listens to. Which port the client listens to is not controllable as far as I know. But that can of course be many, since a client can have many connections to SQL Server. (And the range is not
    restricted to 1024-5000. I connected over TCP locally, and I see this with netstat -a
      TCP    127.0.0.1:6621         NATSUMORI:ms-sql-s     ESTABLISHED
    Then again, I don't see why you would have to open any ports for the clients at all. I have never heard of this being a problem.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • Lync 2013 Enabling Cross-Database Access in SQL Server

    Hello,
    I want to know when Enabling Cross-Database Access in SQL Server will be enabled for Lync Server 2013.
    Will Lync Server enable it by default?
    Stmart

    DCOM Errors are awful.  Here's a few articles that I've read before that match your error. Some you've likely already seen...
    http://d1it.wordpress.com/2013/10/28/dcom-move-lync-user/
    http://blogs.technet.com/b/dodeitte/archive/2010/12/19/issue-when-moving-legacy-users-to-a-lync-server-2010-pool-using-hlb.aspx
    http://www.networksteve.com/windows/topic.php/Unable_to_Move_users_between_2_Lync_Pools/?TopicId=61736&Posts=2
    http://www.bibble-it.com/2011/03/22/unable-to-move-lync-user-dcom-error
    Using the -force command as Saleesh noted should work, but will kill your contacts.  If it's just a few users that are acting up, you can restore the contacts from backup for these users (export-csuserdata before you start).
    Is it all users, or just a handful?
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • SQL Developer Connection to SQL Server

    Hi,
    could some body help in connection sql developer connection to sql server 2005 please?
    thanks,
    kamalesh

    Setting Up SQL Developer for MS SQL SERVER 2000
    1) Install/Extract SQL Developer 1.2.1 in C:\Program Files\Oracle
         Making the {$sqldevhome} = C:\Program Files\Oracle\sqldeveloper
    2) Obtain the JDBC SQL SERVER Pluggin (jtds-1.2.2-dist.zip) from:
    http://sourceforge.net/project/showfiles.php?group_id=33291&package_id=25350
    3) Unzip jtds-1.2.2-dist.zip
         Creates:      jtds-1.2.2.jar
                   \x86\SSO\ntlmauth.dll
    4) Copy the jtds-1.2.2.jar into:
    {$sqldevhome}\jlib Directory.
    5) Copy the the ntlmauth.dll dll in the \x86\SSO subdir into:
    {$sqldevhome}\jdk\jre\bin\ntlmauth.dll
    6) In SQL Developer:
         Got Menu "Tools"
                   - Preferences...
                   Expand the "[+] Database
                   Choose "Third Party JDBC Drivers"
                   Click "Add Entry"
                   Then Browse for your copy of "{$sqldevhome}\jlib\jtds-1.2.2.jar"
                   Note: Use the jar filename, not its parent directory for entry.
    7) Restart SQL Developer and try your SQL Server 2000 Connection

  • Query to find the user is having access to sql server DB

    Hi,
    Please help me in this.
    Query to find the whether the user is having access to sql server DB.
    Cheers,
    sajith

    TUBBY_ORCL?Select 1 from dual where 'ORACLE' = 'SQL SERVER';
    no rows selected
    Elapsed: 00:00:00.01

  • BOXI R2 deployment on Solaris, data access to SQL Server and DB2

    <p>Have you deployed BusinessObjects XI Release 2 on Solaris and are accessing Microsoft SQL server 2000/2005? How about DB2? We had planned on using JDBC for SQL Server, and StarSQL 5.x  for DB2. We are having trouble with configuration planning.</p><p>Anyone have experience with this?</p>

    <p>Have you deployed BusinessObjects XI Release 2 on Solaris and are accessing Microsoft SQL server 2000/2005? How about DB2? We had planned on using JDBC for SQL Server, and StarSQL 5.x  for DB2. We are having trouble with configuration planning.</p><p>Anyone have experience with this?</p>

  • RH server 8 - upscaling from Access to SQL Server 2008?

    Hi gang-
    We are currently running RoboHelp Server 8 on the default Access database and Tomcat. We would like to increase the number of help projects that are tracked by the RH Server, and have concerns that Access will handle the increased load, so we are considering upsizing to SQL Server 2008.
    Our IT people think this should be fairly straightforward, but want to know if Adobe provides any tool or has any recommendations when upsizing from Access to SQL Server.They are concerned about retaining things like primary and secondary keys, as well as any indexes that are currently in Access.
    If anyone has experience with such a migration, please share!
    Thanks,
    -=Ed.

    We are also currently on an Access DB and considering (have been for some time but that's a different story) upgrading to SQL Server. There is no migration tool from Access to SQL Server provided so you'd have to allow some additional effort if you want to retain the data. I am not an expert on DBs but I'm sure there are ways to migrate the data. I have found a few links when searching on Google. For example:
    http://support.microsoft.com/kb/237980
    Adobe does provide a cheat sheet at the link below which may be useful to you.
    http://blogs.adobe.com/techcomm/2009/05/advanced_database_setup_for_robohelp_server_8.html
      The RoboColum(n)
      @robocolumn
      Colum McAndrew

  • Any way of importing from Access to SQL Server?

    I have a huge store of information in Access. But now I'm required to use SQL Server.
    Is there any way of importing the information from Access to SQL Server by Java programming?
    Or is there a manual way of doing that?
    Thank you in advance.

    I need to use Java because this is for a client. I
    can't expect the client to follow those steps. As a
    result, I want to create something simple for the
    client to convert from Access to SQL Server.
    Any other way of doing that?
    That argument does not make sense.
    There is no way that a 'client' is going to be able to manage MS SQL Server without understanding how it works. MS SQL Server is a complex database and requires at least some dedicated support, even if it is only part time.
    For example consider the following:
    -MS Access does not have a log file. MS SQL Server does. How is the log file going to be sized?
    -If the log file fills up (like for a run away query) MS SQL Server comes to a screeching halt. How is that problem going to be fixed?
    Now maybe you are going to provide that support, which means you can run those scripts. Or the client is going to support it in which case they need to have someone who understands it - and they will need to know how to run those scripts (since it is rather basic knowledge.)

  • How to insert data from access to sql server ?

    How to insert data from access to sql server ?
    Please help me
    thanks

    phamtrungkien wrote:
    How to insert data from access to sql server by JAVA?The first four words of my last post:
    masijade wrote:
    JDBC with two connectionsGet a resultset from the jdbc-odbc bridge access connection, cycle through it and add batch insert commands to the jdbc connection to sql server. Give it a try and if the code has an error, then post your code ans ask a question.
    The real question, though, is why you think it absolutely necessary to use Java for this.

Maybe you are looking for

  • Bapi for customer wise material stock on date

    hi all, is there any bapi to find customer wise material stock as on date.as logic as MB5B

  • .swf files not viewing properly

    I am trying to place a .swf file that was made on a PC into my keynote document. All I am getting is a tall black column with type in it. This file works fine in power point but I would like to use Keynote for this presentation. Can anyone help?

  • Question : Save AWT Image Class to File..

    I Have a Question.. @.@a I'm doing AWT transform now.. Well... I have a problem.. I want to save AWT Image class to file.. But.. I don't now that.. Input Image Class same below.. Image imageContent = (Image)attachment.getContent(); How does it save i

  • Lightroom edit in not working?

    When i use the edit in photoshopCC, photoshop opens ,lightroom usually gets the bar onto of the screen never starts and no picture appears in photoshop.  But if i edit in CS6 then it works fine.  i have reinstalled photoshop CC and dumped preferences

  • Menu Role Security

    I have a menu with role security enabled. If I grant one of these roles to a pre-existing user, everything works fine. However, if I grant it to a brand new user I get "FRM-10256 User is not authorized to Run Form Builder Menu". (Note that all of the