We have several SSIS projects on Azure DevOps, everytime I pull the project and another user committed before it destroys my dtproj file. I tried to put the file in the gitignore but then the project do not show me the new files created by other users. I think the problem is that the credentials are stored encrypted inside the file and when the user uploads his credentials it destroys mine.
Any idea how to avoid this error?
Warning loading ETLXXX.dtproj: Warning: Failed to decrypt sensitive data in a project with a user key. You may not be the user who encrypted this project, or you are not using the same machine that was used to save the project. If the sensitive data is a parameter value, the value may be required to run the package on the Integration Services server.
ETLXXX.dtproj 0
This is caused by the package protection level configuration. You should not encrypt the package with the user key in production. This should only be used in the development phase or in some rare cases after being deployed.
I recommend reading more about the SSIS package access control and how it should be changed during the package lifecycle:
Access Control for Sensitive Data in Packages
Securing Your SSIS Packages Using Package Protection Level
I'm absolutely new to DNN world, and I have to migrate a bunch of websites from a web server to another.
Following my expectations and some "guide" on the web, i did:
Exported SqlServer databases from old server
Imported all databases in new server
Copied the whole c:\inetput\vhosts directory from old server to the new one
Created manually the vhosts entries in IIS to host the websites (setting the vhost on the httpdocs dir and converting to application the subfolder "portal"
After some problem with app pool, user permissions, database user configurations etc. i reached to get websites running.
But what it happens is that the websites seems to load the default "theme" instead of the one that was using in production server. What did I forgot?
There is likely an Error that is being thrown with the current "skin" so you'll need to get into the Event Viewer (under the admin page) if you can get logged in, or into the EventLog table in the database to see what errors are being thrown.
select top 50 * From eventlog order by logcreatedate desc
I am trying to configure CI using Visual Studio Online. I've configured GIT and made the build. It is automatically building with every push I make. I want to automatically publish my changes to my database (stored on my server). I've created publish config for that, made the connection string there and put the password in that config. It is working great however is there any way to store the password (other than plain text)?
It is a problem I have tried to fix myself (how do I have an open source project and still have builds with credentials in). The reality is that you can't store credentials in a public place and used by a public server without making them public.
You need to decide whether you trust VSO or not, if you do then you can give it your credentials and if you don't then you can't.
Normal things that you would do such as running the CI process under a service account or giving the account a certificate won't work for VSO because each build happens (seemingly from my testing) on a clean machine each time so you can't pre-configure security settings.
The best that you can really do is to only allow access to your database from known locations i.e. vso and whatever accesses the database rather than everywhere.
ed
I have a problem. My school's databases are only accessible locally. So when I work from home or without an internet connection, I need to switch out the connectionString in my web.config to reflect a local database.
Is there a way to have two seperate connectionstrings, where one is used if the other is unavailable? Also, can I automatically mirror the first one to my local DB if it's available?
I should mention; this is a Web Forms project using .NET 4.0
Common use case "to maintain separate db connections" is to have 1 web.config with multiple configuration folders in your service hosting project.
Basically, your web.config should have connectionStrings section to reference each configuration environment (Dev/Local/QA/Prod):
<connectionStrings configSource=".\Config\Dev\connectionStrings.config" />
I don't believe this is possible to do directly, options could include:
1) Have a flag set either in config or elsewhere to signify the environment you are working in
2) Have a custom method for retrieving the connection string, this could then potentially catch a failed db connection and try again with the other string (you could also save the appropriate string in session for connections after the first one)
I'm wondering what techniques you use to store the database credentials for your application. I'm specifically concerned with java webapps, but I don't think there's any need to limit the questions to that.
things to consider:
Do you use property files,xml configs, other?
Is it bundled into your application(ie in a jar file) or stored seperately on the file system somewhere?
Is the password encrypted? If so, what encryption scheme do you use?
Since you're leaving the question open to platform, I'll add that database credentials for .NET apps are stored in the web.config file. From version 2.0 and above, there is a specific ConnectionStrings section that allows for easier programmatic access to the connection string.
In addition to having IIS automatically block direct requests to the web.config file by default, you can also use an IIS command to encrypt the ConnectionString section of the web.config file. This encryption is machine specific, adding to its strengths, and the .NET runtime will also decrypt the connection string on the fly when you access it, so there is no need for additional coding in your application to work with it.
With Java, database connection pools should be passed into webapps by the container. This is in the standard declarable in WEB-INF/web.xml as resources. The same applies to mail sessions and other external resources that may vary from installation to installation. Look up JNDI for more information on this)
The nice part with this is that the application doesn't care about how to actually connect to anything outside. It will not see any passwords, because the container itself will use them.
In tomcat this is configured either from context files (e.g.) in conf/Catalina/localhost/ , conf/server.xml or - preferably only for dev environments, from the webapps META-INF/context.xml. Other environments have their own configuration location or application.
The encryption of passwords actually depends on the container. Tomcat stores them in plaintext, but the application itself won't see it. I don't know about the mechanics in other environments.
On the Microsoft stack, things can be very nice.
You create a network user account in Active Directory with almost no permissions. You configure IIS to run your webapp as that user. You grant that user read access to the web folders and files on the disk. You configure SQL Server to grant that user read/write permissions on the tables you want. And in the connection string, you instruct the db client to connect as the user account which the webapp is currently being run as.
There is only one actual user account, although it is visible in multiple places. This user account has extremely limited permissions. There is no storing passwords anywhere, even if encrypted. There is no configuration that has to be done in code for this to work (it's all in setting up the permissions).
Depends on the app server.
I usually use JNDI lookups for the data source, so credentials are stored on the app server that handles the connection pool. No need to put anything other than the JNDI name in configuration that way.
Yes, the password is encrypted on WebLogic.
On Tomcat things can be dicey. Connection info is in META-INF/context.xml, which means plain text for the password. I only do that for development, never in production.
In Django, the credentials are in your settings.py configuration file. Since this is not generally kept in your /var/www/ directory tree, it's very safe.
Also, a single Django application may be used (and reused) for many web sites or web servers on the same host, each with it's own distinct settings. So the settings.py configuration is not bundled with the app, but is part of a single deployment of the app.
For asp.net:
I store global parameters such as the connection string and repository paths in the Registry and then a reference to the registry entry in the web.config.
The main reason being that I often find I have to write a stand alone executable to run background tasks and other automated features that require access to the same parameters. Therefore keeping everything that is truly global in one easily accessible place makes for an easier life.
As stated before, no platform specified, and using some ideas from earlier answers:
I am considering a containerised application. You could store the password for the database in a file in the container. The first step of your application would be to establish the database connection, even before listening on web requests. With a successful db connection the file with the credentials is deleted and the variables containing the these, are removed. So when you start serving requests, the only thing that remains, is an open database handle to use from this moment on. If for any reason the database connection is lost, you simply quit and wait to restart the container, the credentials file will be there again.
Which of these are good places to keep your web app’s database credentials?
In a separate file in your source code
In a separate file on your web server host
In your database
None. The database credentials should never be stored