Access SQL Server database on another computer - sql-server

I have created a little tool, which lets me write some data into a database.
This database is located on my laptop and as of until now, that tool was only able to locally access the database. I now need my friend to be able to use that tool to connect to my database from his own PC.
I've read about port-forwarding, opening the firewall, etc., but I've never really gotten the hang of it.
This is what I currently have:
SqlConnection myConnection = new SqlConnection("user id=admin;" +
"password=password;server=myDatabase;" +
"Trusted_Connection=yes;" +
"database=database; " +
"connection timeout=30");
And of course, the usual procedure:
try
{
myConnection.Open();
//Do Stuff
}
catch(Exception e)
{
Console.WriteLine(e.ToString());
}
Note: I don't really care much about security, since the usage of this tool is only temporary and I doubt that anyone would try to "break in".

Take a look upon activating Remote connections to your SQL Server Instance. As already mentioned, they will not work on Express editions, but since your project is temporary, you may install a trial (lasts for 180 days).

Related

Connecting to sql database

(I am a sql noob and I just can not figure this out on my own)
For some time now I have been trying to establish a connection to a SQL database in codename one but to no avail. First I tried connecting to a MariaDB database from one.com. All that's needed for the connection is
Database db = Display.getInstance().openOrCreate("databaseName");
if I am not mistaken, but I am guessing this implies that I have somehow already established a connection to the database. This is not the case however so it creates a new .sql file, right? I can recall that you can connect to a database in the services tab in Netbeans. I chose the MySQL(Connector/ J Driver) which should work with MariaDB, or should it? I entered all my data and i says that it can not establish connection to the database.
the error i get
So I thought I might as well try using localhost. I used XAMPP to host a database and connected in the netbeans services tab.
connected?
Now testing was needed to see if this works. I started the SQL journey with this https://www.codenameone.com/manual/files-storage-networking.html#_sql and integrated the part after "You can probably integrate this code into your app as a debugging tool". I changed database name to "mybase" (it's existance can be confirmed in picture 2). Ran the app, opened the dialog, entered "select ID from customers" and got: java.sql.SQLException: [SQLITE_ERROR] SQL error or missing database (no such table: customers) It does not get past the first call to "executeQuery". The customers table definitely exists so what am I missing to establish connection?
I really need instructions to connect to the localhost database and ideally also to the one hosted by my webhost provider.
Thanks,
Jona
The Database class is to access the SQLite DB on the mobile device. To connect to external databases, you'd have to do something different, such as a ConnectionRequest or Socket I think.

Password trouble in SSIS using Oracle Provider for OLE DB

This is my first time trying to extract data from an Oracle database and push it into a Microsoft SQL database, and I'm running into an issue I cannot find a way around. I've installed ODAC, Oracle Client, on the SSIS machine and am able to see and use the Oracle Provider for OLE DB Connection manager just fine. I put in the Oracle server name, login, PW, test the connection, works fine. I can even run the SOURCE query and load it into our SQL database just fine. But if I try and deploy the package, or open up the connection manager again, everything fails because the password isn't saved, despite the obvious "save password" checkbox being checked.
After some searching, it appears that checkbox just doesn't do anything, and I've tried the following workarounds with no success:
Configuration Files. Set up the package to use a configuration file, tried to hard-code the password into that, both on its own and/or included in the connection string line. The package just ignores the password in either case.
Expressions. I've tried using the expression in this format: "Data source=SERVER;"+ "user id = USERID; " + "password = PASSWORD; " + "Provider = OraOLEDBOracle.1; " + "persisit security info = true;", which fails (connection manager always switches to "offline" mode and doesn't seem to process the expression), and also tried to just use the expression for "password" which... sort of worked one time, inside SSIS (it seems to run and looks OK inside the data flow but on the control flow the Connection Manager shows as offline again) but fails when deployed.
In all cases, I've tried using various ProtectionLevel settings: DontSaveSensitive, EncryptSensitiveWithUserKey, EncryptSensitiveWithPassword (and then adding the password to the execution of the package in the SSMS job manager). None have worked any different than the others.
I've tried this both on our actual server where our SQL DBs and SSIS server live, and on my local machine to test out the same settings to ensure it's not machine-specific. I've uninstalled and reinstalled Oracle and the ODAC on both at least once now.
At this point I can't find any other suggestions, it seems like one of those setups has worked for everyone eventually after installing everything properly. And again, the package WORKS as long as I set the password IN the connection manager and run the package manually inside SSIS, but not under any circumstances outside SSIS.
I've spent more than 2 straight days trying to troubleshoot this and am beginning to lose my mind. Aside from the obvious complaint of "What the hell is that save password checkbox even for then" I dunno what to try at this point. I really really want to use the Oracle Provider because some of this data is using complicated queries and even the smallest one is 200K+ rows, and hitting the corporate "warehouse" so it's essential to be as efficient as possible. If there's no other alternative I could try the older OLE DB Connections but that's an absolute last resort at this point.
Other info I can think of: Using Visual Studio 2010 (tried both free and professional versions), tried running both 32bit and 64bit runtime on packages (runs fine either way in SSIS but neither way in SSMS because... no password), and I have no control over the Oracle server/DBs and there's 0 chance of getting a no-password account for access (nor should I need to frankly)
Thank you for any assistance or tips!

Qt: Low speed when transferring data from remote database

I am using Qt5 on Windows7.
I am writing a Qt app to replace an old C# app (written 7-8 years ago). The goal is to connect and transfer data from some remote databases. The remote DB servers are MS SQL Server 2000.
I already have the app running, but I noticed the data transfer takes much more time comparing to the old C# app...
So, I was just wondering what may cause such a low data transfer rate?
Maybe I forgot something or maybe I am doing something wrong...
Here is the code I am using to connect to the remote database(s):
void RemoteDB::openConnection(const QString & serverIP, const QString & dbName)
{
QSqlDatabase db = QSqlDatabase::addDatabase("QODBC");
db.setDatabaseName(QString("DRIVER={SQL Server};SERVER=%1;DATABASE=%2;").arg(serverIP).arg(dbName));
db.open("user", "password");
}
Query code:
SqlRecord record;
QSqlQuery query(QSqlDatabase::database());
if(query.exec("SELECT * FROM VehicleStatus") == true)
{
while(query.next() == true)
{
record.Vehicle = query.value("Vehicle").toInt();
record.Status = query.value("Status").toInt();
record.AppVersion = query.value("AppVersion").toString();
record.DateTime = query.value("DateTime").toString();
...
}
}
Please help, any idea?
Thanks for your time!
Beside trimming the fat (i.e. only selecting the fields you need instead of *), check that you're using the best ODBC driver possible.
SQL Server has a "ODBC SQL Server Native Client" that you can install and use, it should be faster than the default ODBC driver. It might already be installed on your PC, but not selected for your data source, or you can try to install it from some dusty SQL Server 2000 DVD (or was it CDs back then ? or - not kidding - floppy disks ?), or from a more recent SQL Server version. YMMV.
Not sure about C#, but a C# app has probably access to a fast-line driver that doesn't need ODBC.

Can SqlServer be configured to not execute stored procs submitted as strings?

Scenario A:
SqlConnection con = new SqlConnection(myConnString);
SqlDataAdapter adp = new SqlDataAdapter("EXEC spGetUserInfo 42", con);
DataSet ds;
adp.Fill(ds);
Scenario B:
SqlConnection con = new SqlConnection(myConnString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "spGetUserInfo";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("#UserID", 42));
SqlDataAdapter adp = new SqlDataAdapter(cmd);
DataSet ds;
adp.Fill(ds);
The question
In a discussion of how to fortify SqlServer against sql injections attacks separately from modifying the underlying application code calling the database, the question was raised whether SqlServer could be configured to simply not execute stored procs written in the manner of Scenario A, only allowing execution requests written in the manner of Scenario B. The theory being that Scenario A would be vulnerable to injection if the underlying app didn't perform input validation, allowing something like "EXEC spGetUserInfo 42; drop database foo; --" to possibly be executed, whereas Scenario B would simply fail to execute when SqlServer fails to convert "42; drop database foo; --" to an integer.
Is it possible to configure SqlServer to not execute stored procs called in the manner of Scenario A?
Not so far as I know, and I have looked pretty hard for a way to do it.
The closest thing that I can think of would be to somehow do something with the network so that only RPC connections to the SQL Server were allowed as the ".StoredProcedure" invocations normally come through RPC, but dynamic SQL requests cannot. However, I do not know enough about network management and server management to know if that is doable.
The other (and more standard) approach is to simply give users/apps only CONNECT access to your database, but not access to ANY of the database's objects. Then create stored procedures in their own SCHEMA and grant their owner/schema normal access to the database objects (tables, views, any other stored procedures, etc.). Finally then, grant the users EXECUTE access to the stored procedures in that Schema. This still would not prevent every possible dynamic SQL scenario, but it does take the danger out of them (and the point out of most of them).
Odds are the SQL Server database engine will never prevent that from happening. The reason for this is that as far as the SQL Server knows when those commands come into the SQL Server the commands are basically the same. The driver on the client machine is what does the formatting.
The only way to protect the database engine from SQL Injection is to handle it at the application layer.
Edited: I stand corrected, I went back and read the TDS standard here:
http://www.sybase.com/content/1040983/Sybase-tds38-102306.pdf
The TDS_LANGUAGE command does support native parameters over the wire, so that is in fact how SQL Server receives parameterized queries.
As to whether there's a way to force use of parameters and not accept arguments in the CommandText, I don't know of a way to do so.

Connecting to SQL 2005 from a windows mobile device

I am trying to write a simple application that runs on a Windows Mobile 6 device and can connect to a SQL 2005 server and read and write to the database. It is ok if it only connects to the SQL server while it is docked.
I have never worked with mobile devices, so I may be thinking about it incorrectly. I created a DataSet and a TableAdapter like I would with a regular desktop app, but when I run the application in the emulator, I get a SqlException when I try to open the connection on the TableAdapter.
Is there something obvious I'm missing? Do I need to explicitly tell the emulator to act like it is docked? Does it need to be configured to see that it is in the network? I can ping the SQL server in question from within the app so there should be some connectivity
Here's a good link for setting up your emulator to connect to a network:
http://www.xdevsoftware.com/blog/post/Enable-Network-Connection-Windows-Mobile-6-Emulator.aspx
psasik is being polite when he describes emulator network connections as "squirrelly". I've never gotten them to work successfully, but this is because I always have an actual physical device handy, which I always go back to at the first hint of emulator problems.
Thanks for the link! It was helpful, and I can confirm that I can connect to the network. Unfortunately, it still will not connect to the SQL server. I have distilled the code down to:
`
string connStr;
System.Data.SqlClient.SqlConnection myConn;
try
{
connStr = #"Server='<server name/IP>';Database=<database name>; User Id=sa; Password=<password>";
myConn = new System.Data.SqlClient.SqlConnection(connStr);
myConn.Open();
}
catch (System.Data.SqlClient.SqlException se)
{
MessageBox.Show(se.ToString());
}
`
This code throws an SQLException at the myConn.Open() with errorClass 20, number 17. The message is "SQL Server does not exist or access denied." The exact same code (copy/pasted) works perfectly in a winforms application. Am I doing everything correctly? Is it likely that the code is correct but that the emulator is causing my problems? Would it be worth asking the boss for a mobile device to try it on?

Resources