I'm currently learning the basics of cloud computing, and have been trying to set up and access a small database using AWS RDS. I followed this video, and have followed it word for word. But when trying to connect to the db, I get a connection error.
I initially tried this with a PostgreSQL db, but have since remade and trying with another DB provider to see if that was the issue.
The DB is set to be publicly accessible.
I've checked/rechecked master user/password, and have even reset the password just in case
I've edited inbound rules to allow ALL inbound TCP Ipv4 and Ipv6 (not good practice but just trying to get access from anything)
I've written the endpoint by hand just in case there was trailing whitespace or a sneaky \n somewhere in it
I'm honestly at a complete loss of what to check next. I'm assuming there is a setting somewhere I'm missing, being new to this topic, so any help would be greatly appreciated.
Related
I have a Python package that I am able to run successfully on an Azure Data Science Virtual Machine. However, when I push it to Azure as a Function, I cannot successfully make a database connection. I was getting an error that the ODBC Driver 13 for SQL Server was not supported, so I changed the driver to ODBC Driver 17 for SQL Server and now I am NOT getting an error, but no data is being returned for a query that I know should return data.
Is there any other reason that data would not be returned? Firewall issues? do I need to add a binding? Do I need to separate out the connection string to feed each part (e.g., Driver, UID, PWD) into pyodbc.connect() separately? Right now I am feeding it in like this:
setting = os.environ("CONNECTIONSTRING")
conn = pyodbc.connect(setting)
This query works fine returning data when I run it on the VM using this code, just not as a Function.
(Note, this is different from my previous post regarding reading the Azure App Setting. That problem has been solved).
There are many parts where this could be breaking.
I'd suggest start by having a Profiler or Extended Events trace on your SQL Server to verify whether a connection is even being established. If not then you need to work through the the various points of connectivity to find out where it breaks. The identity, firewall, NSGs etc might all come into play here.
Once you see a connection then you can play with permissions to ensure that your query then returns your data.
Without a full picture of your infrastructure and settings it is hard to pin it down further.
Turns out it was not a database connectivity issue like I thought it was; it was a code error.
Platform: Google Data Studio
Data Source: MySQL
Connection was working before,
meaning no issues with credentials.
All of a sudden, getting the below error:
All IPs have been whitelisted from the google data studio list of ips.
The only thing that comes to mind is a limitation of GDS to process data.
The data source table has around 200K+ rows.
Not sure what is the limitation for GDS with MySQL.
There's no indication anywhere.
Anyone out there can help to solve this or maybe provide some info would be appreciated.
Thanks
If you use a firewall, be sure to double check the Google ip adresses. They may have added new ips (in my case, the last one was missing).
Check them here !
After doing so, I had to change the Host name of the connection to the database for a url alias (www.yourserver.com <- url pointing on your server), and change it back to the IP to make it work.
Sounds like a the connector cannot establish a new connection.
Cloud SQL Connector:
At the time of writing this, the connector seems unable to establish a new connection once the existing one has timed out and modifying the JDBC url to include query parameters gives you an error when authenticating.
This is probably due to the connector appending it's own parameters.
(Seems to be a possible bug here when a connection no longer exists)
MySQL Connector (with IP Address):
This connector allows you to add query parameters to the JDBC url. Enable SSL and append useSSL=true to the url.
e.g.jdbc:mysql://<ip>/<database>?useSSL=true
This worked as expected and establishes new connections when required.
Example Source Setup
Suffering from this issue too, my experience is that using the MySQL connector instead of the Cloud SQL Connector provides better stability in combination with setting wait_timeout to a value above 12 hours.
This issue has been reported on the official Google Data Studio bug tracker. Please vote them up if you are also suffering from this !
🐛 130205306 MySQL connection does not exist Apr 9, 2019 04:36PM
🐛 118470083 Data source password not stored for MySQL sources. Oct 26, 2018 01:24PM
I made ASP.NET MVC web application, uploaded the files, also the database, but I get the following error when browsing it.
The network path was not found
I'm using Entity Framework and this is the connection string in my web.config file
<connectionStrings>
<add name="[mydatabase]Entities" connectionString="metadata=res://*/Models.Model1.csdl|res://*/Models.Model1.ssdl|res://*/Models.Model1.msl;provider=System.Data.SqlClient;provider connection string="data source=sql.[somedomain].net;initial catalog=[mydatabase name];User ID=[myUsername];Password=[myPassword];MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
I've uploaded many websites using IP Address eg. xxx.xxx.x.xxx as data source, but this is the first time to use server name eg. sql.[somedomain].net -I cannot get the server ip-, so I'm not sure if this caused the error, or if I should make something special to make it work.
So, I'm asking if there is something I should do to use server name as data source, if not then what else may cause this error.
This answer doesn't really help.
Thanks in advance.
Update
If I ping the server sql.[somedomain].net, I get this result
Ping request could not find host sql.[somedomain].net. Please check the name and try again.
And if I nslookup it, I get this result
*** Unknown can't find sql.[somedomain].net: Non-existent domain
So does that mean -for sure- that the server is not accessible. And is there anything I can do beside contacting the hosting technical support?
Solved
It was the Hosting Provider error/misconfiguration. After 3 days of searching and contacting the customer support, they realized it was their issue. I'm leaving this question to tell future viewers to Host Only with reliable/well-known Hosting Providers no matter what.
The info you got from tech support seems fairly contradictory. It's common to disable remote access for database servers, but if that's the case, then using the domain to connect doesn't really help you.
If you're trying to connect to this database from a published MVC project, residing with the same provider as supplies your database, then you should have no issues connecting as you're no longer "remote". However, unless your DNS is also hosted at the same provider, using the domain may make the connection appear remote, as it's going outside to come back in. The safest bet is to simply use the IP address of the database server in the connection string.
Also, pay attention to the IP address you have for the database server. If it's in the 10.* or 172.* range, it's a local IP, but if it's something else, it's most likely an outside IP address. Trying to connect to such an address, may also make the connection appear remote as you're going outside the network to come back in. Also, while disallowing remote access to a database server is a good idea, you can generally safely allow remote access to certain IPs. You most likely don't have control over that directly, but you can check with your provider to see if they can add an explicit rule for your web server's IP so that even if the connection is coming through as remote, it'll still work.
As far as working locally in development, you'll just have to use a local database. You may already have that covered, but your question wasn't entirely clear on that aspect.
I also faced the same issue. I used the forward slash instead of back slash for instance name (clustername\instancename). Once I changed it to back slash. It worked fine.
I have a mssql 2005 and software (that written by visual basic 6) and the software connects to the mssql.(local)
but the problem is that the "sa" user password changes every day!
And the company that write this software does not give us the password.
And the windows authentication does not work and I think that they delete the windows user too.
I searched on the msdn and ... that i found in the LAN, packets from clients were encrypted in SSL type and sent to the mssql and in a specific packet it includes the username and password of the db, and if that user&pass is same with db user&pass it can be full access to db.
I used backtrack & metasploit but it use dictionary for attack but it did not help me .
I used wireshark for finding that specific packet , then i think i found it (99% I sure) but that packet has a lot of unclear characters and i could not find those.
do you think that if i use SSLSTRIP to make a fake certificate then use it between client and server (as a gateway) can i get that? How?
can I use single user mode to add any user to mssql? How?
You are totally approaching this from the wrong angle. You have a software package that goes at extra lengths to prevent access to your data. You problem is the vendor, ditch him. Use a different software, one that has a rational vendor behind it.
Here are the MSDN official, approved, methodology to regain access on a SQL Server that had locked out administrators: Connect to SQL Server When System Administrators Are Locked Out
I guess everything is possible but I am wondering how easy is it for someone to hijack a connection string with a network packet analyzer or equivalent tool.
A winforms application fetches data directly from an MSSQL server.
(Supposing there are no webservices in the middle for extra protection)
1) Is it possible for someone with an analyzer to read the connection string as clear text?
2) The connection string could be protected with an SSL certificate?
3) The SSL certificate should be installed on the SQL server?
4) I already own an SSL certificate https Could I install it also for the SQL server?
5) The speed of the the return data, will be reduced due to SSL?
Thanks in advance
Yes. If they're on the same network as the packet sniffer (henceforth "the sniffer") and the connection string is in plain text it's easy. Using a switch instead of a hub will not make it any harder to do this.
still possible using a man-in-the-middle attack. Channel binding is designed to detect and prevent this, along with careful examination of the certificate received by the client. Client certificates would help strengthen this as well
yes it should
as long as the host name matches the sql server exactly it should work, otherwise you'll need a new cert.
it probably will reduce the speed but not by much. Benchmark it and see if the slowdown still gives acceptable performance; there's no other way to predict the impact with any degree of reliability.
One other thing: if the connection string is encrypted I can still analyze the packet to find your server's location and if the data being passed back and forth isn't encrypted I can still read it even if I can't connect to the sql server. I can also potentially modify it. This is why it's unusual for a SQL connection to exist over the internet and why it's usually either connecting to a DB on the same server, connecting via a local network, connecting via a VPN, or encrypting the whole data stream.
If it isn't encrypted, it can be read, yes. Note that the SQL Native Client may often perform a non-SSL based encryption (depending on lots of factors), but yes, it can also be encrypted with SSL; see technet. And yes, it slows things down slightly. The requirements for the certificate are all in the technet article. But please don't expose your db server to the internet...