How to connect to MSSQL using tokens or encrypted strings - sql-server

I have two questions that i cannot find an answer for.
I have already searched a lot.
The situation
I will deploy C# winforms application to a client, the app have users who should connect to my database on whatever host is to validate they are already logged in to prevent the same user from being logging again from other PCs, so basically when the user logs in the app sent a command to my DB that the XYZ user has been logged in.
The questions
First one and the most important one: how to access my MSSQL server from the client side without putting in the connection string because as you know someone may decompile the app and find the user and password, so basically how to TOKENIZE or ENCRYPT the sql connection string (may then will be decrypted in SQL server but i don't know how too)
The second question is: how effectively implement the above situation, as you know it is easy to send commands that hey I'm logged in and hey I'm logged out (when the user click log out) BUT... What if the electricity went off? the app will not have the chance to send log out command to my server and therefore the user will be LOGGED IN in my server even he is actually not.
Hopefully i do describe my questions properly.

Related

Error establishing a database connection on wordpress sometimes

i have a blog with wordpress but sometimes i have problem with that
i got blow error
« Error establishing a database connection This either means that the username and password information in your wp-config.php file is incorrect or we can't contact the database server at %s. This could mean your host's database server is down.
Are you sure you have the correct username and password? Are you sure that you have typed the correct hostname? Are you sure that the database server is running? If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the WordPress Support Forums »
by searching the internet some say that it can come from the database connection information but my concern in my case is that it only happens occasionally and if I wait 5 minutes and I refresh again, the site works again correctly, then if I wait a few hours and I try to reconnect the problem comes back again… it happens in my back end and my front end, I have searched in vain I can't find anything in my case please please help friends, here is the URL of the site:
(https://www.creationsjennah.fr/) host is 1&1 IONOS : offer web hosting option in business plan
I would like to remind you that I am probably the only one to use the site, it is in the test phase in an online environment, I see it in the statistics of my site.

Multi connection to SQL Server database

I am facing an issue since yesterday. I have a SQL Server located on a remote hosting provider. The provider claims that there could be max 5 connections at the same time.
I also have my own developed app. Until now there was only one user using the application and there was no problem with the connection to that database.
Now we got an additional user who will be working with this app from another place. The problem is, when the first user logged in into the program and he's using it, the second user retrieving information on login form that cannot connect to the SQL Server but before application thinking around 30 seconds before that message.
Seems there can be only one conenction at same time and not 5. Can you advise something or is there any test I can do to check it and make sure where I stand?

How to make client PC work independently from Server

(Sorry, I don't know exactly should I ask this question here in stackoverflow or other related sites. please move it if isn't appropriate)
There are some unrelated groups of students which each group members produce data together. each member use his credentials to login to the client desktop application and send data to the server. other group members should see new data if they login with their credentials.
The problem comes in when I want to make the client works although there was an error in connection to the server. I don't want to stop them if they couldn't connect to server, so they make data and later will send it to server.
here is the problem, without connecting to the server, how can I make memberships in the client and be sure he really belongs to the group, or how can I know other member has new data in the local machine so his collegues can see it?
I don't want to use another local server, just a remote server and a local machine with database.
If the server is unavailable, the only way to know if a person is in a group is if you have that information stored on the client. Of course, someone could be removed from a group and the (disconnected) client does not know it.
Solving this would depend on how your system is used.
If membership does not change very often, you could use the client-saved membership as long as it is not too old (e.g. use it if it is less than 4 hours old, or some such rule).
Whenever the client re-connects to the server, it should ensure that its local data is refreshed if it older than N-hours
In addition, when the connection is re-established, and the data is sent to the server, the server should check once more. if the user has been removed from a group, the server can reject the data

Credentials for the SQL Server Agent service are invalid

Want to improve this post? Provide detailed answers to this question, including citations and an explanation of why your answer is correct. Answers without enough detail may be edited or deleted.
I'm trying to install SQL Server 2008 development server on my local machine as administrator.
During the installation I receive this error, any idea how to solve it?thanks
[Error Message]
The credentials you provided for the SQL Server Agent service are invalid. To continue, provide a valid account and password for the SQL
Server Agent service.
[Details]
Microsoft.SqlServer.Configuration.Agent.InputValidationException: The credentials you provided for the SQL Server Agent service are
invalid. To continue, provide a valid account and password for the SQL
Server Agent service.
Use the credential that you use to login to PC. Username can be searched by Clicking in sequence
Advanced -> Find -> Choose your Username -> (e.g. JOHNSMITH_HP/John)
Password must be same as your windows login password
There you go !!
I solved using as credential built-in accounts as the NetworkService
this article point me out in the right direction
http://www.sqlcoffee.com/SQLServer2008_0013.htm
Under the "Account Name" Drop Box choose Browse.
Type the user name that you used to log in to windows on the
"Enter the object name to select" and then click "Check Names".
Click "Ok".
Under "Password" just type the password that you used for windows login.
In my case it was more of a Microsoft bug, than an actual issue. I installed under the Administrator login and used strong password btw but I was still getting this error constantly.
I tried to install with Windows credential without entering the password, but that did not go through either. Was getting the same error.
Then I cleared all password textboxes manually and copies the correct password in each text box. Hit enter, and it went through.
The error was most likely misleading.
There seem to be several problems that can cause this symptom. To tell them apart, one needs to look in the setup log files in %PROGRAMFILES%\Microsoft SQL Server\[versionnumber]\Setup Bootstrap\Log, probably Detail.txt.
According to this article, when running the installer as a local administrator and trying to use a domain account for the service, it may claim that the credentials are invalid because the local administrator does not have sufficient permissions in the domain to look up the service account's SID. This was the main problem I was encountering, and it might be what was affecting the original poster a year and a half ago.
I've had this error as a result of trying to use a cloned VM that had the same SID as the domain. The two options to fix it were: sysprep (or rebuild) the database server OR dcpromo the DC down and back up to change the domain SID.
I found I had to be logged in as a domain user.
It gave me this error when I was logged in as local machine Administrator and trying to add domain service account.
Logged in as domain user (but admin on machine) and it accepted the credentials.
In my case password was expired. Change the password and try the step again.
Well I have been battling to understand why, when at the Account section of the installation of a second node, the system will not accept the password I used to log in. I have been scratching my head - reading every post under the sun all to no avail.
I did notice that some service accounts were given as service.instname.instno#FDNdomain.com and others were given as DOMAIN\service.instname.instno (the latter being the Win2000 version)
I also noticed comments about strength of password so I thought - I can do that so I changed the password to a much higher strength and RDC in to the server - with new password and thought - best to update the services on the existing node first. I stopped the service, clicked on password and pasted in from the clipboard - (can't go wrong eh?) ha ha says Windows.. Got ya.. it wouldn't accept the password - that I just logged in with. I clicked on browse to select the service account and VOILA! the account name changed to the DOMAIN\user version and readily accepted the password. I then repeated the exercise on the other service. I then found that the node installation would continue (after backing up and forward through the process) to pick up the new name format and accepted the passwords without complaint.
I think the moral of this experience is to use the wizards and select through the "browse" button rather than manually entering the service name.
I hope my experience saves someone else the pain I went through.
Still Confused
I had a domain account with a strong password, but it didn´t work, then I used Network Service account. I tried to change it on SQL Server Configuration Manager after installation and it worked.
Taking SQL Server cluster role offline-Online on node 1 worked for me.
I had a VM that was server 2012 and I had to change the nic to VMXNET 3. It wasn't connecting to the domain fast enough for the services to start I guess.
the button 'Use same account' below thee main window will fill in all the textboxes automatically. this worked fpr me.
You might encounter one of these three problems:
Password Policy Violation, find valuable information here: https://msdn.microsoft.com/en-us/library/ms161959.aspx
Password not starting with a "character"
Domain Service User's account might be locked.
A blog post with the summary for all three possible problems might be found here:
https://cms4j.wordpress.com/2016/11/29/0x851c0001-the-credentials-you-provided-for-the-sqlserveragent-service-is-invalid/

VB.Net Secure Passwords to Database?

I recently made a small app for a friend and then made it a public app, in doing so I forgot that it connects to my MS SQL DB and checks for values. Someone used Red Gate .Net Reflector to get my password and destroy it all. I've contacted their ISP and they are looking into it, apparently this person has a static ip with them.
So this is a lesson learned at a heavy price for me. How can I prevent this from happening again? How can I get away from the unsafe connection string they were able to use?
Never hard code connection strings. Use the configuration section provided for it (connectionStrings), and if really paranoid, encrypt it.
If you are using a shared database, you should not even have a connection string on the client, but create a service point (for example a webservice) that will connect to the database on their behalf. The client can connect to this and your connection string is safe behind your service, which is in your control and on your server.
Don't expose a database connection, but have your app communicate through a webservice, or similar, that only has methods and privileges, to do what the app needs.
If you absolutely need the database connection, make sure the user only has read permissions on the database.
Encrypting the connection string is a start, but your program will have to know how to decrypt it for it to be useful. If your program can decrypt it, an attacker will also be able to - you can only affect the amount of work he needs to put in it.
Therefore, in my opinion, you should expose a read-only service.
If it's a public app, you need to provide individual logins for each user or have a proxy sitting between the database and the application which authenticates the users and talks to the database.
Encrypting the connection string wouldn't help much, I think it can be easily decrypted with built-in tools or with Crack.net.
If you're suuuper paranoid, prompt the sysadmin for the password each time the application starts (maybe an admin interface.) That way it's only memory resident.
I love this question. Like driis said, even with encrypted connection strings you need to store a password (or key, or whatever) to decrypt your encrypted connection string. Just more layers of the same problem.
Using connection strings and encrypted sections in you config will won't stop this type of attack, it's only designed to make the config file unreadable on a machine other than which it is installed.
The only safe way is to create a web service that connects to your database to retrieve the data, and then make sure that the web service logon only has the minimum permissons required, or force the user of the web service to logon and them impersonate that user for the database connection.
It appears you don't have firewall protection to stop external connections directly to your database so I wonder what other even more dangerous ports you may have exposed to the internet???
Using a firewall to limit access to your server to http, and https protocols would reduce the chances of a successful attack.

Resources