How can I see all connection attempts with my GAE server? - google-app-engine

I am running my application on GAE, for ex., http://example.appspot.com.
I think the standard log displays the details related to HTTP/HTTPS connections with my server. What if someone tries to connect with telnet? ftp? or any other way of connection? Or user connects with HTTPS, but with wrong certificate? Where could I see all such attempts?

Related

Database mail not working properly

I am bit confused sending e-mail via SQL Server 2008 Management Studio. I tried all remedies discussed in most threads, but unfortunately still having the issues. Can someone help me to resolve the matter? Much appreciated!
I am getting following error, when trying to send e-mail via SSMS
The mail could not be sent to recipient because of the mail server failure...(SMTP server requires a secure connection or the client was not authenticated. The server response was 5.7.0. Must issue a STARTTLScommand first
I checked my GMail user name and password, and properly defined profile and account, port used 587.
SMTP E-mail setup done at IIS (Windows 7 PC)
Kindly advise, how can I overcome the e-mail sending issue using SSMS?
It's better to share the configuration which you have set for database mail, but anyways:
STARTTLS means the Gmail server is asking for authentication, and xp_smtp_sendmail does not provide ways for getting authenticated with Gmail or Yahoo.
Check these links ... link and link as I guess you have something wrong in your configuration there.

Do I need to register my SSL certificate in IIS and SQL Server?

I have purchased an SSL certificate and installed it using IIS on my remote system. So I can therefore access my remote system using https://myremotesite.co.uk. All is fine, it seems to work; users can register and login to my remote site and download my GUI to run my application which stores and retrieves data from my SQL Server database.
When a user runs my GUI to access my application it prompts them for their login-id and password and, if they are authenticated, my application pops up on their screen. All is well, it all seems to work fine.
However, I have read that access to the SQL Server database itself can be restricted with an SSL certificate and to do this I would need "Encrypt=yes" in the connection string which my GUI uses to check authentication.
Is it necessary for me to do this? Or is safe to just rely on the IIS HTTPS service? So my question is ... do I need to register my SSL certificate with BOTH IIS AND SQL Server or just ONE of them, and if so, which ONE?
Thanks for the answers thus far .. to explain further, the GUI connects to an IIS controlled website which has specific handlers written to perform a restricted set of database queries. So my database DOES reside on my server, but it only allows my server's (local) IIS to 'login' and insert, update and extract data.
Once the IIS website service has extracted data, it then returns the same to the GUI. So the GUI has no DIRECT access to the database. What I am concerned about is if - by some malicious means - the database was copied in its entirety ... could/should I use my SSL certificate to encrypt sensitive data in this event?

Azure AWS Db Connection

I’m having a very specific issue with Azure and I couldn’t find any solution on the web.
So, we are little by little migrating our client’s infrastructure to Azure and we are starting with our Workers (webjobs).
These webjobs need to consume data present on a AWS SQL Server instance.
We already have checked that the App Service Plan’s Outbound IPs are whitelisted and that the SQL server is listening on TCP port 1433.
An evidence of that is the fact that we are able to communicate with the SQL Server instance through the Azure Debug Console:
But when we run the WebApp, the worker cannot find and connect to the same DB:
Does anyone have a clue of how I can solve this issue? It would be very appreciated!
Well, as you demonstrated by the first image, the SQL Server instance is configured correctly.
The worker Outbound IP address is definetely the same as the App Service Plan's machine.
Based on that, can you then please check if the Connection string you are setting have 'tcp:' before the IP Address?
Sometimes you need to force it, otherwise IIS can choose other ways to connect to your SQL server (like UDP for instance).

JDBC Connection times out in deployed web app with hosting service

I am using JDBC to create a connection to an MS SQL Server Database. The same code and connection string works fine on a number of platforms and in particular in my spring MVC Web Application.
After deploying the web application to a remote tomcat hosting service, everything appears to work fine in the code except that the database connection times out.
"com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host <IP Address>, port 1433 has failed. Error: "connect timed out. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall."
The hosting company says I must provide the exact steps to recreate the problem which may not be ideal. The only thing I can think of is to write another cut down application that connects to a different db with different credentials and test that in dev and deploy and then email them the war so they can deploy it and test it in their own environment.
Does anyone know of reasons why this might happen with a hosting service, like blocking the database response for some reason? Or is this very unlikely and should I assume that I am doing something wrong and persevere in understanding what might be different between my dev app and deployed app that could cause this timeout. Not that I can think of anything.
I don't want to take all that time if there is a common reason why this might happen that someone could point me to.
Thank you.

Exposing DB within the application

How can I secure connection or db credentials when directly accessing the DB server over the internet from the client side application.
Use SSL, or encrypt the user/password yourself before sending it.
SSL or some other credential obfuscation (depends on database server) will work in the case where you have a remote client directly talking to the server, but that will require the remote side know the credentials. If you want to prevent them from knowing the DB login information you'll have to write some form of adapter.
This question could use a lot more detail.

Resources