I see SQL Server 2016 SP1 All Editions now have "Always Encrypted" available. From looking around, it appears there's a new ODBC driver that will work with the "Always Encrypted" data.
With the caveats in the SQL Server documentation about working with encrypted columns, does anyone have experience using this encryption with Microsoft Access? Will it work with Access 2010, or does it require newer versions?
Is there a noticeable performance hit from the encrypting/decrypting? Am I reading it right that since joins and where clauses require additional handling for encrypted columns, best practice would be to not use sensitive columns as keys.
Also, I have an Access Project -- can this work with Access 2010 in a Project (adp), or will I have to update to an .accdb version of the application?
Here is a post with a solution on how to configure Access with Always Encrypted: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/b9eea19c-1943-4b25-b07d-9193f7b7dab0/odbc-always-encrypted-problems?forum=sqldataaccess.
Related
We have a product that historically uses a Microsoft Access database which is great because it is portable.
However we are looking to move to SQL Server and this will range from the Express version upwards. In the Access database we can use a password to protect the database from prying eyes. Although I appreciate it only offers limited security. We need to be able to protect a SQL Server database however we do have access to the server as the database is delivered as part of the install. The client would install SQL Server and then attach the database. I looked at NetLib but that requires an install on the server. I cannot use TDE as SQL Express does not support that. I can use column encryption but I was wondering if there was a database wide solution. Basically no one except for us as supplier should be able to query the data unless they use our software interface.
I'm currently evaluating options for synchronizing two identical databases that will be deployed on two different SQL Server (1) instances. I've started with the Microsoft Sync Framework and if it does not fit my requirements I'll check SQL Replication.
Anyway, long story short, I'm trying to get a basic scenario to work using the Sync Framework but unfortunately all of the examples and tutorials I've seen online use the SQL Provisioning Provider which adds certain tables, stored procedures and triggers to the database - I want to avoid this, obviously.
I read somewhere that the Sync Framework can use SQL Server's built-in Change Tracking features, but this only works when the client is SQL CE (example). But all what I have read so far seems to be out-dated. I couldn't find anything that is relatively recent about the topic. So I was wondering whether the above is still valid or the Sync Framework added support for the built-in Change Tracking with SQL Server 2012 (or 2014).
In case this scenario is still not supported until this day, could someone refer me to an example (or at least some hints) of how I could develop a custom provider to use Change Tracking on both the client and the server?
(1) SQL Edition is not a constraint. Even SQL Server Enterprise Edition is an option.
support for SQL Change Tracking only works for the older SqlCeClientSyncProvider/DBSyncProvider/SyncAgent, in short you can only use to sync SQL Ce with a SQL Server configured for SQL CT.
the newer sync providers do not support SQL CT.
there used to be a sample SQLExpressClientSyncProvider from MS that has been pulled out from the download site due as it has some issues.
Writing a custom sync provider is not easy, if you can go for SQL Replication, that will be an easier route.
We have a team of sales persons who travel often carrying a laptop loaded with Sales data in a SQL Server Express database. What are the options available to encrypt a SQL Server Express database?
What's your threat model? Are you trying to stop a casual thief who's stolen a laptop, or a determined hacker? Are you trying to protect just the data, or also the schema?
If you're using SQL Server Express 2005 or higher, then it supports native asymmetric encryption. But if you're trying to stop a determined hacker, then I think the best option would be to encrypt the whole disk using something like TrueCrypt, or BitLocker for Vista/Windows7.
You may also consider using transparent encryption solution for SQL Server called DbDefence.
It is free for databases less than 77MB
I see that others have mentioned a third party product. If you are open to that, you can also consider Encryptionizer for SQL Server, which supports all versions and editions of SQL Server from Express to Enterprise. Disclaimer: I am with NetLib Security.
Can it be done and if so, how?
You can also check out Sync Services for Sql Server and Compact edition. The benefit of Sync Services is that you don't need a replication server or IIS and you can also sync between compact edition databases. This method involves writing a fair bit more code and is fairly involved, but I'd recommend looking into it as a lightweight service.
You can use Merge Replication. Theres a tutorial here SQL Server Compact 3.5 How-to Tutorials (Number 5).
Certainly replication is possible, as is Sync Services if you're not afraid to get your hands dirty. It depends on the details of what you need:
Sometimes-connected application wanting to have a read-only cache: Sync Services
Sometimes-connected application wanting to have part or full update ability: Sync Services
Remote site with multiple workstations needing read/write access to data: replication if you can get a secure network connection that's stable enough, otherwise look at extending Syn Services to work with SQL Express (or full SQL Server) based on the sample here: Sync using SQL Express
If you just want a SQL CE database and you're working with a SQL 2008 server then the wizard in Visual Studio 2008 SP1 will do all the work for you, you need only add 1 line of code to it if you want bi-directional support. If you can't upgrade then it will take more work with SQL 2005, and it's only reliable if you have at least SP2.
I'm in the middle of a project that requires multiple sites to have a sub-set of data in an environment where each site may lose it's connection to the head office at times, we've managed to get Sync Services to work with SQL 2008 at the head office and SQL Express 2008 at each site with full change tracking (2008 feature) and it's working great. It does require a reasonable amount of code (C# and SQL), so we've used some pretty smart templates to help. Be aware that.
Perhaps you could refine your question with more details?
Because of budget constraints I think it will have to beta-tester's approch,i tried following the guide and cant seem to get it working. Before I spend time getting it to work, I just confrim, Replicating between SqlServer 2005 and Compact Edition is something that can be done?
I just confrim, Replicating between
SqlServer 2005 and Compact Edition is
something that can be done?
Yes it can definately be done using either Merge Replication or Sync Services
The company I work for has an old Access 2000 application that was using a SQL Server 2000 back-end. We were tasked with moving the back-end to a SQL Server 2005 database on a new server. Unfortunately, the application was not functioning correctly while trying to do any inserts or updates. My research has found many forum posts that Access 2000 -> SQL 2005 is not supported by Microsoft, but I cannot find any Microsoft documentation to verify that.
Can anyone either link me to some official documentation, or has anyone used this setup and can confirm that this should be working and our problems lie somewhere else?
Not sure if it matters, but the app is an ADP compiled into an ADE.
I've had a similar problem before when using ODBC linked tables to connect to an Sql Server. The solution was to relink the tables and specify the primary key to the table. If Access doesn't know the primary key it cannot perform inserts or updates.
I haven't any experience with ADPs but it could be a similar thing, theres a knowledge base article about it here http://support.microsoft.com/?scid=kb%3Ben-us%3B235267&x=15&y=13
I'd say check the VBA in the Macros to see how it is doing it. It is probably using some form of VB connection to the Database in the back. I love the fact a Database is contacting a Database for it's data... :)
All I've read about Access 2000 -> SQL Server 2005 is that the upsizing wizard isn't supported.
If only the inserts and updates aren't functioning, it sounds like a permissions issue. Make sure the sql server login you are using in your connection string has read/write permission on your database.
Please avoid using the "sa" account for this purpose!
If only the inserts and updates aren't
functioning, it sounds like a
permissions issue. Make sure the sql
server login you are using in your
connection string has read/write
permission on your database.
Please avoid using the "sa" account
for this purpose!
We wanted to use a generic apps account but that login "could not find" any of the stored procedures even though they existed and the login has explicit permissions to run them (and was also tested successfully, as that user, in SQL Management Studio). It wasn't until we granted that login "sa" privileges that we could actually access the database at all through the application.
but have you tried setting the
compatibilty mode for the database to
sql server 2000.
I'm not really sure how this is done. Could you explain?
Also of note, if we upgrade the app to Access 2003, everything works fine. Unfortunately, our IT dept does not want to upgrade everyone from Office 2000 to 2003, so this is not an option.
Thanks for your help.
I'm not sure about that particular combination being supported, but have you tried setting the compatibilty mode for the database to sql server 2000. Maybe that will resolve your issues.
Edit: To do this run the following SQL:
EXEC sp_dbcmptlevel Name_of_your_database, 80;
More details here: http://blog.sqlauthority.com/2007/05/29/sql-server-2005-change-database-compatible-level-backward-compatibility/
but have you tried setting the
compatibilty mode for the database to
sql server 2000.
I just checked the 2005 database, I selected the database, and clicked Properties->Options, and it says the db is already in 2000 compatibility mode.
Access ADPs are very closely tied to SQL Server versions, and MS has done a really poor job of fixing and breaking ADPs in the 3 major versions that have been released (2000, 2002 and 2003).
If you are trying to use the compiled ADE, I'd suggest that first you find the original ADP and see if you can get it to work. You may need to do some work there before creating your ADE.
Caveat: I don't do ADPs, and am glad I made the decision not to, as Microsoft is now deprecating them in favor of MDB=>ODBC=>SQL Server.