I'm currently looking at metadata solutions for Microsoft SQL Server 2016. I'm interested in using Schemaspy. I think it looks like a great free way to document metadata, but I'm worried that it may not be secure for use in a company with sensitive data.
Question: Is Schemaspy secure to use? Can it be used as a loophole to hack into servers?
Thank you very much in advance!
SchemaSpy is solution that can be used with sensitive and confidential data.
Application code itself is not reading the database data but database structure and metadata from jdbc driver.
SchemaSpy is run as local program and everything what application is generating happen only on your computer and stay there.
In the code base we are not using any external servers or web services in the process of generating and preparing database documentation.
You can look on generated example by SchemaSpy: http://schemaspy.org/sample/index.html
Related
Every relationship database can be used without the need for installation of any software or tools, as most of the query read/write is all done to read a file that stores data in a specific format.
Can the same thing be done with a graph database (doesnt have to be neo4j, i wouldnt mind an alternative) without installing software, or having terminal endpoint running for access to database?
Example:
MySql is a db file you can query
MSSQL is a db file you can query
SqlCE is a db file you can query
Sqlite is a db file you can query
Neo4j: You need to download, install, have running and query through ip address?
OR... pay higher rates (2-5x cost?) for graph DB hosting in comparison to RDMS which is so inexpensive, it's practically given for free for most web hosting services.
Purpose and Reasoning for Question
I'm looking for some cost efficient solutions to run a graph database
with all the bells and whistles, that i can run from web host or
application (that only handle IIS and hard-file transfer services --
maybe it can do netcore, but dont know if you can run graphdb through
netcore as a module service).
Yeah, MSSQL is doing it now, but it's
limited in what it can do and handle, as well as the tutorials are
lacking in how to properly write NoSQL queries as fluent as the SQL
stuff...
Well, i found the answer to my question, and it's "yes, you can create a standalone graph.db to query from (in neo4j)." However it's only limited to Java and not supported by other languages or frameworks.
Neo4j calls it an "embedded" database. Which is exactly what i was asking in my question, though i was hoping to be able to use the services in a .net application, which turns out to not be compatible.
If anyone has any alternate solutions that can work with netcore, i would love to see it posted here. I'm happy to know that i was right, and that it is possible to run queries on a hard file. Just disappointed that because neo4j is native to java, the technology is only available to java apps. Has no one written a c# port yet? (Not in-memory, but to and from hard file.)
Anyways, i'll continue to research and look more into all of this. Thank you.
Edit-1: Graph database for .NET
I'm working on a .NET Winforms application (VB.NET, .NET framework 4.5) that stores data in a SQL Server Express 2016 database; BOTH parts are running on the same machine.
Some of the columns in the database contain data that are sensitive and should not be available unencrypted to the user. So, I started looking for an efficient way to accomplish that. After some reading, I saw that the "new" Always Encrypted feature on the SQL Server is a quite efficient "out-of-the-box" way to implement this but with one catch... SQL server and client application must NOT be on the same machine since the certificate is stored in the local Windows Certificate Store.
My question: is there any way to do this without going to the Azure solution? The app must be able to work even if the PC is offline.
Any suggestions are welcomed. It's very important though that encryption must be as "light-weight" as possible, resources-wise. Thanks everyone in advance. Sorry if my English is not that good.
P.S. I tested this setup just to be sure and yes, you can decrypt the data through SSMS when both SQL Server and client application (with the certificate) are on the same machine.
Update: Check answer by Andrew. Big thanks to everyone for the help.
This was resolved by implementing custom AES encryption of the data from within the application (and quite efficiently actually).
The user can now see the data decrypted in the application but not through SSMS.
I have a two-part application, where there is a central database that is edited, and then at certain times, the data is released and distributed as its own application. I would like to use a standalone database for the central database (MySQL, Postgres, Oracle, SQL Server, etc.) and then have a reliable export to an embedded database (probably SQLite) for distribution.
What tools/processes are available for such an export, or is it a practice to be avoided?
EDIT: A couple of additional pieces of information. The distributed application should be able to run without having to connect to another server (ex: your spellchecker still works even you don't have internet), and I don't want to install a full DB server for read-only access to the data.
If you really only want your clients to have read-access to the offline data it should not be that difficult to update your client-data manually.
A good practice would be to use the same product for the server database and the client database. You wouldn't have to write SQL-Statements twice since they use the same SOL-Dialect and same features.
Firebird for example offers a server
and an embedded version.
Also Microsoft offers their MS SQL Server
as a mobile version (compact edition) and there are
also Synchronization services
provided by Microsoft (good blog
describing sync services in visual
studio:
http://keithelder.net/blog/archive/2007/09/23/Sync-Services-for-SQL-Server-Compact-Edition-3.5-in-Visual.aspx)
MySQL has a product which is called "MySQLMobile" but I never actually used it.
I can also recommend SQLite as an embedded database since it is very easy to use.
Depending on your bandwidth and data amount you could even download the whole database and delete the old one. (in Firebird for example only copy the database files and it will also work with the mobile version) Very easy - BUT you have to know if it will work for your scenario. If you have more data you will need something more flexible and sophisticated, only updating the data that really changed.
I'm having trouble figuring out databases in VB.NET. (VS 2008)
What control(s) do I need to use and how do I use them? I am ,looking for tutorials and sample code too.
I'm working on a trivia game where the admin can remove and add questions to a database.
EDIT:
The program must be able to do all of the DB interactions itself through code.
Regarding DB portability...
I do not intend to install it on many machines, so portability is not a major issue, but I's rather not be bound to Access or SQL Server. (Is that possible? - A portable database file?)
A bit more complaining...
I really need help with connection strings and the whole DB gamut in VB. I've done DBs in PHP so I'm not completely ignorant. It's the VB side of things that's confusing.
Thanks.
Have you considered SQLite DB? It's a very small DB and is used my many vendors. I have not used SQLite personally, but I do know that Firefox uses it and so does iPhone (from what i've read).
SQLite does not require you to install anything (as per the post below). It's a nice alternative to Access or carrying around SQL Server Express.
If you do decide to use SQL Server Express, you will be required to install the run-time, from here for each machine it's used on.
Below are some links which may help you get started
Google for SQLite DB
ADO.NET 2.0 Provider for SQLite
And finally, here's a blog post outlining how to get it done, and quickly.
Cheers!
I would suggest Microsoft's Enterprise Library - The hands on labs available make it a breeze to setup access to a database, and can make it as simple as a config change to point to a new/different DB.
Also, check out http://connectionstrings.com/ for related info.
I have been working on VB6 database desktop programming, but now a client is asking for a
simple web interface (some inserts into SQL Server db used by a desktop application).
The question is: Which approach is better?
1)creating asp.net project, connected directly to the SQL Server database;
2)creating separate (simple) mysql database managed by php and synchronization (in 15 minutes for example)
Thanks.
Personally since you already have the SQL Server database, I see no reason whatsoever to add the complexity of another database and then synchonization. The first alternative is simpler to create and can be secure if you design it correctly. The issue about hosting is irrelevant since you are going to your own database that already exists, so is the issue about cost since the databse is already there. Further since you are already supporting SQL Server, you may be able to reuse some code rather than write new code (mysql's version of SQL is not the same as SQl Server's version). Synching the two databases may be more complex than you think (differnt data types, etc.) and the data in the real database is not real-time whereas with the first alternative it is.
I'd prefer the separate database approach.
It's more secure.
PHP/Mysql hosting is widespread
You can pretty much achieve anything with the technologies available, it just depends on your skill and productivity with specific technologies and the availability of online help. Plus Microsoft stuff you tend to have to pay for whereas PHP/MySQL is totally free.