TITLE: Microsoft SQL Server Management Studio
------------------------------

Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&LinkId=20476

------------------------------
ADDITIONAL INFORMATION:

An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------

The server principal "my_db_user" is not able to access the database "any_other_db_on_the_server" under the current security context. (Microsoft SQL Server, Error: 916)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=916&LinkId=20476

This is something similar to the image below:

Error Connecting to MS SQL 2005 DB Remotely Management Studio 2008

This error happen to appear while remotely connecting a database on Microsoft SQL server 2005 with any version of Microsoft SQL Server Management Studio 2008, It will not appear if you connect the SQL server 2005 with Microsoft SQL Server Management Studio Express 2005. And the link that has been specified in the error above is of any no use, also the error started to be reported more for a Windows Shared hosting clients rather than the one with Windows dedicated server. Because the problem only appears to happen if you connect with a user that has access to a particular database and not with the user that has administrator access over the Microsoft SQL server. I had to scratch my head for the solution as it seems to be related more to the permissions on the database user. Now the interesting thing here is that the SQL database that in the error is different than the MSSQL database on which the user has its access on.

After allot of searching on the web I found that this is a bug on all versions of Microsoft SQL Server Management Studio (Express) 2008 and there is a simple work around to access your database remotely with no errors at all. Here is what that is required:

1) Connect to the MS SQL server with the user credentials in MSSMS (Express) 2008.
2) Bring Object Explorer Details window by selecting View –> Object Explorer Details in menu (or just by hitting F7)
3) In Object Explorer window click at Databases folder
4) In Object Explorer Details Window right-click at the column header and deselect Collation
5) Refresh Databases folder.

Refer to the image below for better understanding:

Fix Failed to retrieve data for this request Error: 916 Management studio

That is it. This will give you the desired access over your database and you will be happily make changes as per your need.
This is just another complicated error by Microsoft which has a very simple fix.

We understood that the problem was not with the mssql.domain_name link but the virus alert only happened after click on ASP .NET Enterprise Manager, Recomended this site. And the link was:

www.referralplanet.com/referral/windows/referralWindow.asp?id=17

Since the site was not hosted with us we had a sigh of relief that the problem is not with the server however we thought we still have a security problem if the link has been injected into ASP .NET Manager site in IIS, may be due to a security issue with Plesk control panel. And after checking several servers we came to know that the problem has happened to the site that is recommended on MSSQL Webadmin site and not the server.

If you want to remove this link from your server as well as from the MSSQL WebAdmin site then follow the steps below:

1. Login into the server through RDP with Administrator user.
2. Go to D:\inetpub\vhosts\sqladmin\mssql\app
3. Open the navbar.aspx page in notepad
4. Go to line number 119 and remove the code below:

<!-- Begin ReferralPlanet.com Referral Script -->
<a onclick="refWindow=window.open('http:// www.referralplanet.com/referral/windows/referralwindow.asp?id=18','referralWindow' ,'width=350,height=520,scrollbars=yes,menubar=no,resizable=yes'); refWindow.focus(); return false;" target=_blank href="http:// www.referralplanet.com/referral/windows/referralWindow.asp?id=17">
<IMG alt="Click Here To Tell A Friend" src="images/tellafriend.gif" border=0></A>
<!-- Begin ReferralPlanet.com Referral Script -->

5. Save the file and exit.

This problem must have infected millions of computer in the world. Let see when chinese hacker stop putting their shit on other’s website and get mature.

ASP.NET, a higher version of ASP, is a programming framework used to create enterprise-class Web Applications. These applications are available to the entire world providing efficient information to their end users. ASP .NET has far more advantages than just a next version of ASP. And it is easily available to configure and use no matter if you have a Dedicated server or a Shared hosting account.

Why to use ASP.NET?

Microsoft has worked well to shift their focus on Internet world from a Windows based platform since 1995 and finally Microsoft introduced Active Server Pages (ASP) in 1996 that was much easy to understand than the orthodox languages like Java, C++ and Perl as it offered the efficiency of ISAPI applications. However ASP scripts were difficult to debug and main, since it consisted unstructured code and interpreted script. ASP also made it difficult for developer to ingrate the web development software as it required to understand many different technologies. If the web application grew more complex and bigger it became harder to maintain as the number of line in source code increased dramatically, specially when you host your application on a Shared hosting server. Therefore, a need of an architecture was required that would allow development of Web application in a consistent way.

A new technology .NET framework was introduced with the intention to provide globally distributed software with Internet functionality and interoperability. The .NET Framework includes multiple language support and consists of many class libraries with a common execution point. .NET framework provides a high level of flexibility allowing to development a top class web application that does different things. ASP .NET is built into this framework which allows a developer to crate a web application using any of the built-in languages. Making it easy to develop an Internet based web application.

ASP.NET uses the Common Language Runtime (CLR) provided by the .NET Framework which is not available in ASP. Execution of the code we rite is managed by this CLR. ASP.NET code is a compiled CLR code instead of interpreted code (ASP). The CLR makes development of Web applications simple and also allows objects written in different languages to interact with each other.

Advantages of Using ASP.NET:

• ASP.NET reduces the code drastically that is required to build large applications
• ASP.NET makes for easy deployment. There is no need to register components because the configuration information is built-in
• ASP.NET, with an event-driven, server-side programming model makes development simpler and easier to maintain.
• The pages have lots of power and flexibility by this approach since the source code is executed on the server.
• The Web server continuously monitors the pages, components and applications running on it. If it notices memory leaks, infinite loops, other illegal software or activities, it seamlessly kills those activities and restarts itself
• Execution of .NET application is fast as the Web Server compiles the page the first time it is requested. The server saves the compiled version of the page to use it next time the page is requested
• ASP.NET applications are more secure as only the HTML produced by the ASP .NET page is sent back to the browser and the application source code you write is not sent and is not easily stolen
• ASP.NET pages are easy to write and maintain because the source code and HTML are together
• ASP.NET applications run faster and counters large volumes of users without performance problems
• ASP .NET validates information (validation controls) entered by the user without writing a single line of code
• ASP.NET is compatible with ADO.NET using data-binding and page formatting features.

This would only happen if the Cluster services has been installed before installing and configuring MSDTC Service. Hence it is highly recommended that you first install and configure MSDTC and then configure the Windows Cluster Service.

Event ID: 4097
Description:
MS DTC started with the following settings: Security Configuration (OFF = 0 and ON = 1): Network Administration of Transactions = 1, Network Clients = 0, Distributed Transactions using Native MSDTC Protocol = 1, Transaction Internet Protocol (TIP) = 0, XA Transactions = 1.

OR

Event ID: 4395
Description:
MSDTC detected that MSDTC related information in the local registry is different from that in the shared cluster registry. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:541, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796
Data:
0000: 05 40 00 80 .@.?

OR

Event ID: 4384
Description:
MS DTC was unable to start because the installation was not configured to run on a cluster. Please run comclust.exe and restart MS DTC. Error Specifics: d:ntcomcom1xdtcsharedmtxclumtxclusetuphelper.cpp:668, CmdLine: C:WINNTSystem32msdtc.exe, Pid: 796

OR

Event ID : 7024
Source : Service Control Manager
Description: The MSDTC service terminated with service specific error 3221229584.

Initially you should try and run the command below and check if it solves the problem:

msdtc -resetlog

If that does not help then follow the fix below:

1. Delete the DTC resource
2. Delete MSDTC folder from the quorum disk.

On Node 1:

– Stop the Cluster Service

– Remove Enable network DTC  Service with the command below:

msdtc -uninstall

Make sure to check the Success in the Event logs.

– Verify that the following registry key has been removed as well.. if not then remove it manually.

HKEY_CLASSES_ROOTCID
HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTC
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMSDTC

– Reboot the Server

– After the Server is back online reinstall Enable network DTC Service with the command below:

msdtc -install

Now create the DTC resource on Node 1 and it should come online.

Now on Node 2

– Stop the Cluster Services.

– Evict Node 2 from the Cluster

– Remove Enable network DTC  Service with the command below:

msdtc -uninstall

Make sure to check the Success in the Event logs.

– Verify that the registry key has been removed as well.. if not then remove it manually.

– Reboot

– Reinstall Enable network DTC Service with the command below:

msdtc -install

– Verify that the Service has now Started and also registry keys created.

– Rejoin the node back into the cluster.

While I was searching for the solution I found the KB articel on Parallels sites below:

http://kb.parallels.com/en/1147

Where they (Plesk adminstrators) have clearly mentioned that custom permissions set on top level folder like httpdocs, statistics, cgi-bin etc will get reset by Plesk. So I decided to make a test, I manually gave write permissions to httpdocs folder and ran webservmng.exe on it and yes it was removed. Then after allot digging I would that there us a file .Security which is saved under the folder with the domain name (parallel to httpdocs folder), that stores all permissions for that domain.

Before we start please be informed that these steps are applicable to Parallel Plesk version 8.4 and above as .Security file was introduced in 8.4 only.

So here are steps to get around the problem permanently:

1. Backup the .Security file and delete it from [drive]:inetpub/vhosts/domain_name, this file saves all the permissions assigned to that user from Plesk on Windows. Deleting it will remove all the records.

2. After renaming or deleting the . Security file, run this command below:

"%plesk_bin%/websrvmng.exe" --reconfigure-vhost --vhost-name=domain_name

3. This command will create a new .Security file with all default permissions on that domain.

4. Now login into Plesk >> Click on Domains >> domain_name >> File Manager >> httpdocs >> golden padlock of folder_name to set perm on >> “Advance” Button >> Select users >> Assign permissions >> OK.

These steps will save new permissions in .Security file and even if you run websrvmng on that domain again, the new permissions that has been set from Plesk will not get removed. There is no need to add any special group or users like, ASPNET or NETWORK SERVICE to any folder as those permissions are handled by IUSR_ & IWAM_/IWPD_ users.

Any permissions that has been assigned directly to httpdocs folder will get reset by Plesk and if you inherit them to sub folder, permissions from sub folder will also get removed.

So the moral is, DO NOT give any permissions from RDP, use File Manager option if you want to keep the trouble of permissions away.

So here we go:

On your local machine, [AND NOT THE SERVER]:
Goto START >> Run >> and Type:
notepad "C:WINDOWSsystem32driversetchosts"
And hit Enter

If you get file does not exist error then create hosts file in notepad “C:WINDOWSsystem32driversetc” folder.

At the end of the file you will have:

127.0.0.1 localhost

Just add your domain with the IP you want to point to, and it will look like, this will be also applicable if you have create a new hosts file:

127.0.0.1 localhost
192.168.1.52 mywebhostingblog.net
192.168.1.52 www.mywebhostingblog.net

Save the file and exit.

Now ping the domain on the computer you have made changes on and it will point to the IP address defined. You can now browse your site without the site preview and you will have to the content of the server you are moving to. Just remove the entries from the hosts file to point your domain back it was.

Wasn’t that Simple..!!!

It would not be the case now as I have listed detailed steps along with the images on how to block IP using the IP security policy in Windows. This option is also available in XP as well as Windows 2003 Server edition.

How to BLock IP Using Windows:

You can either open MMC from START >> RUN >> MMC and add a new Snapin for IP Security policy with steps below:

Click ‘Start’ > ‘Run’ >type ‘MMC’ press ok.
In the console click > ‘File’ > ‘Add/Remove Snap in’
In the ‘Standalone Tab’ click The ‘add’ button
Seclect ‘IP Security Policy Managment’ > ‘ADD’ > ‘Local Computer’ > ‘finish’ > ‘close’ > ‘ok’
You should now be back to the Management console.

OR

Just goto START >> PROGRAMS >> ADMINISTRATIVE TOOLS >> LOCAL SECURITY POLICIES ON LOCAL COMPUTER to open the IP Security Management Console.

1. Select IP Security Policy and Right Click on the right pane to select new Policy. The screen will like an image below:

Figure 1

2. This will open the IP Security Policy Wizard, Just click on Next button.

Figure 2

3. On the Next screen you have to define the name of your IP Security policy and its description and then click Next Button.

Figure 3

4. Plesk uncheck the box for “Activate the default Response Rule” and then click Next Button..

Figure 4

5. On the Next screen remove the check for Edit Properties and Click Finish.

Figure 5

6. Once you click on the Finish Button you will see the screen below along with your rule being added to the list. Now we will create an IP filter list to block IPs.

Figure 6

7. Double click on the rule you have just create to open the properties window:

Figure 7

8. Since we have chosen to uncheck “Activate the default Response Rule” in Step 4 the Dynamic rule in not applied. Click on Add button to open Security Rule Wizard and Click again on Add button to open IP Filter List Wizard.

Figure 8

9. You will have a screen some what in Figure 9. Put in the name of your list and Click on the Add button.

Figure 9

10. This will open another window for you to add IP and ports in the IP Filter list. In the Description box just put in the IP address that you want to block and make sure that you keep the check on the box for “Mirrored. Match packets with the exact appropriate source and destination addresses” and click on the Next button.

Figure 10

11. Select My IP address in the Sources Address from the drop down list.

Figure 11

12. You have many more options to select from the list for both in Sources and Destination Address. You will need some advanced knowledge to work with those option. We will select My IP address for now and click on Next button.

Figure 12

13. In the IP Traffic Destination, select “A specific IP Address” and enter the IP address that you want to block on your machine. Here you can also select a sub net from the drop down and block the entire subnet. Once you finish entering an IP/Subnet, click on Next button.

Figure 13

14. Here in IP Protocol Type you can define the protocol that you want to block, it can be any one from the list for example TCP, UDP, ICMP etc. We will select ANY which mean all connect from a specific IP address. If you select a protocol from the list andclick Next it will ask you to enter the port address that you want to block, example 80 (See Figure 14.2). But since we want to block all ports we will select Any and click Next (Figure 14.1) and then Finish.

Figure 14.1

Figure 14.2

15.  After you click on Finish button you will see that the rule has been added in the IP filter list. If you want to add more IP and subnets then click on the Add button to add another rule or block 2nd IP. Once you finish with it you will have rules as in Figure 15.2.

Figure 15.1

Figure 15.2

16. Once your IP Filter List is complete click on the OK button to get back Security Rule Wizard. Select the IP filter list which you have created by clicking on the radio button and click Next.

Figure 16

17. In the Next screen of Security Rule Wizard you will not see any Filter Action as Block as by default it is not created. We will create a Filter action to block connect by click on Add button.

Figure 17

18. In the Name type “Block” and any discryption you like and click on Next.

Figure 18

19. In Filter Action General options select Block and click Next.

Figure 19

20. And then on Finish to get back to Security Rule Wizard.

Figure 20

21. This will add the Filter option as Block in the list, just click on radio button to select it and click Next.

Figure 21

22. Click Finish to complete the security Rule Wizard.

Figure 22

23. You will see the rule added in the list, you can add more rule with the same steps. Now just click OK to finish with the rules.

Figure 23

24. Now since we have already created the rules to block desired IP address just right click on the IP Security Policy and select Assign to apply the rule on the server.

Figure 24

There are allot many option to secure your entire server with IP security policy. You can create more rules to block every one on RDP port TCP 3389 and allow only select IPs. IP Security is IP and port based application and not Services based and you can create the rule as per your need.

Certificates are parallel with asymmetric keys in the SQL Server 2005 encryption hierarchy. A certificate is simply a method of using asymmetric encryption. Certificates bind public keys to individuals who hold the associated private key. Certificates use the same RSA algorithm as asymmetric keys; therefore, they are resource-intensive and their use is normally restricted to encrypting other keys. SQL Server contains an integrated certificate authority, which it uses to issue its own selfsigned, and industry standard X.509 certificates. Alternatively, you can import certificates from an external certificate authority.The use of external certificates allows you to use a wider range of key lengths, which can provide enhanced security. Certificates are the most secure way in which to encrypt data natively within SQL Server 2005.You can use the CREATE CERTIFICATE statement to create a certificate within SQL Server 2005.

The common syntax of the CREATE CERTIFICATE statement is as follows:

CREATE CERTIFICATE CERTIFICATE_NAME [AUTHORIZATION USER_NAME]
{FROM FILE = 'PATH_TO_PRIVATE_KEY'
WITH PRIVATEKEY [, ENCRYPTION BY PASSWORD = 'PASSWORD' |
, DECRYPTION BY PASSWORD = 'PASSWORD']}
WITH SUBJECT = CERTIFICATE_SUBJECT_NAME, |
[START_DATE = MM/DD/YYYY
END_DATE = MM/DD/YYYY]

Here are definitions of the arguments in this syntax:

FILE = PATH_TO_PRIVATE_KEY Specifies the directory and the file name to the private key.
ENCRYPTION BY PASSWORD = ‘PASSWORD’ Specifies the password that will be used to encrypt the certificate private key.
DECRYPTION BY PASSWORD = ‘PASSWORD’ Specifies the password originally used to encrypt the private key.
CERTIFICATE_SUBJECT_NAME A descriptive string that will be embedded into the certificate metadata.
START_DATE Specifies the date in which the certificate becomes valid.
END_DATE Specifies the date in which the certificate expires.

For a full listing of all statement arguments, please refer to SQL Server 2005 Books Online.You will need the CREATE CERTIFICATE permission within the database to create a certificate.The following syntax creates a certificate and encrypts the certificate private key with the supplied password:

CREATE CERTIFICATE Certificate01 ENCRYPTION BY
PASSWORD = '&7YuKj%4@)aSZ@'
WITH SUBJECT = 'Certificate to test encryption',
START_DATE = '8/13/2007',
EXPIRY_DATE = '8/13/2011'

Unlike symmetric and asymmetric keys, certificates can be backed up individually. To back up a certificate, you can use the BACKUP CERTIFICATE statement:

BACKUP CERTIFICATE CERT_NAME TO FILE = 'PATH_TO_FILE'
[WITH PRIVATE KEY
(FILE = 'PATH_TO_PRIVATE_KEY_FILE',
ENCRYPTION BY PASSWORD = 'ENCRYPTION_PASSWORD',
DECRYPTION BY PASSWORD = 'DECRYPTION_PASSWORD')]

Here are definitions of the arguments of this syntax:

CERT_NAME Specifies the name of the certificate to be backed up.
PATH_TO_FILE Specifies the directory path and the filename that will be used for the certificate public key backup.
PATH_TO_PRIVATE_KEY_FILE Specifies the directory path and the filename that will be used for the certificate private key backup.
ENCRYPTION_PASSWORD Specifies the password that will be used to encrypt the certificate private key backup.
DECRYPTION_PASSWORD Specifies the password that will be used to decrypt the certificate private key within the database.

To execute the BACKUP CERTIFICATE you will need the CONTROL permission on the certificate and the VIEW DEFINITION permission on the database. The following syntax uses the BACKUP CERTIFICATE statement to back up both the public and private key of your previously created certificate, and encrypts the private key backup file with a user-supplied password:

BACKUP CERTIFICATE Certificate01 TO FILE =
'C:\backup\certificates\Certificate01.pub'
WITH PRIVATE KEY
(DECRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@',
ENCRYPTION BY PASSWORD = '9UyZ%E!b8%7Ly#',
FILE = 'C:\backup\certificates\Certificate01.prv')

For a complete listing of statement arguments and permission requirements, please see SQL Server 2005 Books Online.To restore a certificate from a backup file, you can use the FROM FILE argument within the CREATE CERTIFICATE statement, which we covered earlier.The following syntax restores your previously backed up public and private key:

CREATE CERTIFICATE Certificate01 FROM FILE =
'C:\backup\certificates\Certificate01.pub'
WITH PRIVATE KEY (FILE = 'C:\backup\certificates\Certificate01.prv',
DECRYPTION BY PASSWORD = '9UyZ%E!b8%7Ly#',
ENCRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@')

Note that if you created Certificate01 previously, you will need to drop the certificate prior to running the preceding syntax.You can obtain a listing of all certificates present in your database by using the sys.certificates view:

Select * from sys.certificates

To change the properties of a certificate you can use the ALTER CERTIFICATE statement:

ALTER CERTIFICATE CERTIFICATE_NAME
REMOVE PRIVATE KEY |
WITH PRIVATE KEY (FILE = 'PATH_TO_PRIVATE_KEY' |
DECRYPTION BY PASSWORD = 'PASSWORD' |
ENCRYPTION BY PASSWORD = 'PASSWORD')
WITH ACTIVE FOR BEGIN_DIALOG = [ON | OFF]

Here are definitions of the arguments of this syntax:

CERTIFICATE_NAME The name of the certificate to be altered.
REMOVE PRIVATE KEY Removes the private key from the certificate.
FILE = ‘PATH_TO_PRIVATE_KEY Specifies the directory and the file name to the private key.
DECRYPTION BY PASSWORD = PASSWORD Specifies the password in which to decrypt the private key.
ENCRYPTION BY PASSWORD = PASSWORD Specifies the password in which to encrypt the private key
ACTIVE FOR BEGIN_DIALOG Enables or disables a certificate for use with Service Broker.

To run the ALTER CERTIFICATE command you will need the ALTER permission on the certificate.The following syntax changes your certificate private key protection method from user-supplied password to database master key:

ALTER CERTIFICATE Certificate01
WITH PRIVATE KEY (
DECRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@')

To encrypt data using the certificate public key, you can use the ENCRYPTBYCERT statement:

ENCRYPTBYCERT (CERTIFICATE_ID, 'PLAINTEXT')

In this statement, CERTIFICATE_ID specifies the ID of the certificate to be used for encryption. PLAINTEXT is the data string you wish to encrypt.

You will need the VIEW DEFINITION permission on the certificate to execute the ENCRYPTBYCERT statement.The following syntax uses the ENCRYPTBYCERT statement to encrypt the supplied string using your certificate:

SELECT ENCRYPTBYCERT(Cert_ID('Certificate01'), 'certificate encryption test')

Here are the results:

0x50BCA9702D6999578923DAEC2B3EE96E69174429EBF54C392A532919679624097CD050110CEEF4DDB3BF
22656549268848C2F6E6BA70C0E543DFB411B654302AB9582A525DB835940FB76F9AAC501BBC5E3D689FB0
431BA7AF3C51A4DCDC5BCB7D101324E466A23447DF916E80D026E2A2E6D5A433E75804ADF8E9B75BF0E097

As we mentioned earlier, the preceding results will differ from what you receive on your SQL Server.To decrypt the cipher text, you can use the DECRYPTBYCERT statement:

DECRYPTBYCERT (CERTIFICATE_ID, 'CIPHERTEXT', CERT_PASSWORD)

Here are the definitions of the arguments of this syntax:

CERTIFICATE_ID The ID of the certificate to be used for encryption.
CIPHERTEXT The string that was previously encrypted with the certificate public key.
CERT_PASSWORD The password that encrypts the certificate private key.

To execute the DECRYPTBYCERT statement, you will need the VIEW DEFINITION permission on the certificate.The following syntax uses the DECRYPTBYCERT statement to decrypt the cipher text and convert the results into the human readable varchar data type:

SELECT CAST (DECRYPTBYCERT(Cert_ID('Certificate01'),
0x50BCA9702D6999578923DAEC2B3EE96E69174429EBF54C392A532919679624097CD050110CEEF4DDB
3BF22656549268848C2F6E6BA70C0E543DFB411B654302AB9582A525DB835940FB76F9AAC501BBC5E3D
689FB0431BA7AF3C51A4DCDC5BCB7D101324E466A23447DF916E80D026E2A2E6D5A433E75804ADF8E9B
75BF0E097)
AS varchar)

Note that you should substitute the cipher text in the preceding statement with the cipher text that you obtained from the earlier ENCRYPTBYCERT statement. Here is what the results of running the preceding statement will look like:

certificate encryption test

When you no longer need a certificate, it can be removed from the database using the DROP CERTIFICATE statement:

DROP CERTIFICATE CERTIFICATE_NAME

In this statement, CERTIFICATE_NAME specifies the name of the certificate to be removed.
To execute the DROP CERTIFICATE statement, you will need the CONTROL permission on the certificate.The following syntax drops your previously created certificate.

DROP CERTIFICATE Certificate01

The following script outlines the certificate encryption process from end to end:

-- Demonstration of certiifcate encryption
-- Create Database
CREATE Database CertEncryptDemo
GO
USE CertEncryptDemo
--
-- Switch to database context
--
-- Create table for data to be encrypted
CREATE Table Customers(
FirstName varchar(30),
LastName varchar(30),
CreditCardNum varbinary(300))
--
-- Create Database Master Key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '5YtF4$aQ#W4d^W'
--
--** You should backup the Database Master Key immediately after creation! **
--
--Create certificate and use the databse master key to encrypt the private key
CREATE CERTIFICATE Certificate02
WITH SUBJECT = 'Test certificate for encryption',
START_DATE = '1/1/2007',
EXPIRY_DATE = '1/1/2012';
--
-- Populate table with data included encrypted credit card numbers
INSERT INTO Customers Values('Blake', 'Cabbage',
EncryptByCert(Cert_ID('Certificate02'), '342724356361631'))
INSERT INTO Customers Values('Colin', 'Edwareds',
EncryptByCert(Cert_ID('Certificate02'), '4516525615214110'))
INSERT INTO Customers Values('Anoson', 'Monroe',
EncryptByCert(Cert_ID('Certificate02'), '5582858885802510'))
Data Encryption • Chapter 8 241
--
--View the contents of the table
Select * from Customers
--
--View table data including the decrypted plain text credit card numbers
--
SELECT Firstname,LastName, CAST(DecryptByCert(Cert_ID('Certificate02'),
CreditCardNum) AS varchar) as 'CreditCardNum' from customers
--
--Clean-up demo
DROP CERTIFICATE Certificate02;
DROP MASTER KEY;
USE TEMPDB
DROP DATABASE CertEncryptDemo;
--END

EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.

To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:

1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.

4. Within the Advanced attributes window, select Encrypt contents to secure data.
5. Within the Advanced attributes window, press OK.
6. Within the Properties tab, press OK.
7. If you are encrypting a folder containing subfolders, you will be presented with another window asking if you would like to  encrypt them as well. Press OK.
8. EFS encrypted files and folder names should now appear in green within any Windows file explorer window.
9. Restart the SQL Server services.

If errors are generated, you may have encrypted the SQL Server data files using an account that is not linked to the SQL Server service account.You can decrypt the data folders by reversing the steps above and trying again. When encrypting individual database files, EFS first creates a plain text copy of the file to be encrypted, encrypts the target file, and then deletes the temporary file.This temporary file is not securely deleted and can be recovered using common data recovery tools. To prevent local file disclosure, you should use a secure data deletion tool to overwrite the areas of disk containing the temporary file. Alternatively, you can simply encrypt the parent folder that contains the database files to ensure any temporary files are also encrypted.

EFS encryption is beneficial if the database media is stolen or misplaced. When transferring EFS encrypted files over the network, Windows first decrypts the file and then transfers the plain text equivalent. Some administrators perform manual backups of database files prior to implementing changes on the database server. If this backup involves copying data files from one server to another, you will effectively be storing an unencrypted copy of your database on the destination server.

Encryption File System Contains Inherit Flaws

On Windows Server 2003, EFS uses a strong 256-bit AES key to encrypt data. Under most circumstances, this would be an effective method of encryption; however, this AES key is protected by the user’s public key, which is based on the user’s Windows login password. This ultimately reduces EFS protection to the strength of the user’s Windows password. There are publicly available tools that can successfully decrypt EFS encrypted data by exploiting this flaw. Because of this, EFS should not be used to encrypt sensitive database data.

Working with EFS Encrypted Data

EFS encryption is managed by the operating system, and seamlessly provides file and folder encryption to SQL Server 2005. All SQL Server functions and operations remain unchanged when using this encryption method. Because EFS is handled outside of SQL Server 2005, encryption keys must be backed up separately in addition to your database backups.

Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data

consider that sensitive information can also include corporate information including confidential HR data, trade secrets, patents, designs, or client listings, which, if disclosed to unauthorized individuals, could have a grave impact on your organization. At this point you may be wondering,“why not just encrypt all data using a secure algorithm?” instead of determining specifically what data elements require encryption.The answer is that there is a  significant performance impact when encrypting data, as SQL Server must perform authentication, encryption, and decryption functions seamlessly to encrypt and decrypt the data. In addition, there are several other side effects associated with data encryption, which we will touch on later in this chapter. For these reasons, you should use data encryption only when required and only on the required data elements.

Ways to encrypt data in MSSQL 2005:

EFS Encryption
Native SQL Server 2005 Encryption
Using Keys to Encrypt Data
Using Certificates to Encrypt Data
Using Pass Phrases to Encrypt Data
Working with Data Encrypted
Indexing Encrypted Data
Replicating Encrypted Data
Symmetric Key Usage Tracking
Replicating Encrypted Stored
Using Endpoint Encryption

Mail Server works with other programs in collaboration  to make up what we know as Messaging System. Messaging system must work without any flaws to keep smooth movement of Inbound and Outbound emails. Mail System uses following protocols to send and receive email messages.

SMTP (Simple Mail Transfer Protocol) – For Sending emails

POP3 (Post Office Protocol 3) or         -  For Receiving emails.

IMAP (Internet Message Access Protocol)

At any point you found out that emails are not reaching their destination, there are high chances of these emails would get stuck in Mail Queue. Only way to release emails from mail queue is to restart mail services. Restarting mail services is done from Mail Server. Make sure before restarting mail service you ask anyone who has good knowledge of doing it.

BEST PRACTICES ACCORDING TO MICROSOFT

• Install only those components that you will use immediately. Microsoft recommends that you create a list of components that you will be using, and only enable those. If the need arises, you can install the additional components at that time. The components in a SQL Server installation are the Database Engine, Analysis Services Engine, Reporting Services, Integration Services, Notification Services, and Documents and Samples.

• Enable only the optional features you will use, and review optional feature usage before doing an in-place upgrade and disable unneeded features. Microsoft recommends that you create a list of the optional features that you will use, and only turn those on. If this is an existing SQL Server that is being upgraded, they recommend creating the same list, and disabling any optional features not on the list. These optional features are CLR Integration, OLE Automation, remote use of a dedicated administrator connection, Database Mail and SQL Mail, OpenRowset and OpenDataSource functions, SQL Server Web Assistant, and xp_cmdshell availability.

• Develop a policy with respect to permitted network connectivity choices and for the usage of optional features. Microsoft recommends defining policies that would be company wide on Connectivity Choices and the use of optional features. They also recommend using SQL Server Surface Area Configuration to standardize this policy and documenting exceptions to the policy on a perinstance basis.

• Turn off unneeded services by setting the service to either Manual startup or Disabled. Microsoft recommends going into the service management area and setting all services that you will not be using.

MS SQL 2005 Server was released after 5 servers of it previous SQL version, MS SQL 2000, Hence it required allot to revisions to cope up with the current windows development environment. Therefore MS SQL 2005 SP2 had major changes in it, with too many performances and security fixes. Microsoft could not add few revisions due to its basic development structure however they had all the scope to introduce them in SQL 2008 release. And indeed, MS SQL 2008 has many installation as well as performance fixes being applied to it and allowing Windows Administrators to have full control on SQL activities. The biggest advantage of SQL 2008 over SQL 2005 is the ability to manage and maintain server performance. SQL 2008 does not require too much resource which is the best deal for today’s Shared Hosting environment. Also an upper hand to whose to do not want to invest too much on hardware of their dedicated servers just to run SQL server on it.

I have tried to gather the major improvement introduced by Microsoft on SQL 2008 from Internet which is an advantage over SQL 2005 however it all depends on what features are useful to you in the development of your ASP .NET applications. But switching to Microsoft SQL 2008 is definitely going to improve the performance even if you don’t use any of the below feature. And not to forget that with the release of SQL 2008, Microsoft will announce “End Of Life” for SQL 2000 version, which will mean that there won’t be any official support or update release for SQL 2000.

Major difference between SQL 2005 and SQL 2008.

* Easy Upgrades: Version upgrades are now very easy and effective with SQL 2008.
* Resource Restriction Governor: We set a restriction on a users or groups from consuming high resources. This is a very good feature that can be used on Windows shared server with SQL database to maintain the performance.
* Dates and Times settings: New data types such as: Date, Time, Date Time Offset has been introduced.
* Improved Full Text Search: Ability to backup Native Indexes and also thesaurus them as metadata.
* External Key Management: This unique can store Keys separately and not with the data.
* Improved SQL Server Analysis Service: It now has improved Stacks and computes block faster.
* Improved Installation: Microsoft has added an option where you can uninstall Disk images and service packs.
* Data Synchronizing: A Development of databases used in applications that frequently get disconnected.
* Transparent Data Encrypts: It has the ability to encrypt full SQL database with different encryption Methods.

* SQL Server Integration Service: SQL 2008 Server has improved multiprocessor support and faster lookups in compare to SQL 2005.
* Change Data Capture: Allows all changes to be captured and queried. (Enterprise). Also allows us to get detailed information on what changes has happened to which rows after a specific version.
* LINQ: A Development query language for accessing multiple type of data like XML and SQL at the same time.
* Hot Plug CPU: With this feature to an add CPUs on fly for your SQL server to use.
* Microsoft Office 2007 integration: One can use MS OFFICE as an SSRS template, like SSRS to WORD.
* Spatial Data types: Data types for storing Longitude, Latitude and GPS entry of a particular database.
* MERGE: A new TSQL command as a combination Update, Insert and Delete.
* Encrypted Backups: We can execute it at the time running backups to prevent tampering from external resource.
* Data Compression: This feature is different as it allows us to manage data compression at table level to enhance performance.
* Dynamic Development: Latest Visual Studio and ADO options along with ASP .Net 3.
* Reporting Server Performance: Unlike in SQL 2005 we can set threshold on Reporting server for memory management.
* Performance Studio: It is a Gallery that has collection of monitoring tools enhanced performance.
* Audits: A very power feature for monitoring the data access of your SQL database.
* Table Value Parameters: SQL 2008 database has ability to insert entire table into a stored procedure.
* Entity Database Services: (LOB) Line Of Business framework and (eSQL) Entity Query Language.

No doubt that Microsoft has improved all the features that has been used by hosting services. Even SQL Cluster in version 2008 has few major advantages since every one in today world wants to have their site up all the time with 100% uptime. I hope I get some time to write on “MS SQL 2008 Clustering..“

Please make sure of the following before you configure the script:

• The user that is running the script must have execute permissions on cscript in system32
• The user that is running the script must have write permissions folder that is going to store the backup file.
• The user that is running the script must have execute permissions on mysqldump.exe in Mysqlbin
• If you running this script in browser then your web user will need the above permissions.

So here is the script:

backup-mysql-database.vbs

Option Explicit
Dim backup_dir, num_days, user, password, database, arguments, backup_file
Dim oShell, oFS, oDrive, nResults, sqldump

backup_dir = "C:MysqlBackups"
user = "xxxxxxxx"
password = "yyyyyyyy"
database = "zzzzzzzz"
sqldump = "C:Mysqlbinmysqldump.exe"

backup_file = backup_dir & database & ".sql"
arguments = "--user=" & user & " --password=" & password & " " & database & " > " & backup_file
arguments = sqldump & " " & arguments
WScript.Echo(arguments1)

Set oShell = CreateObject("WScript.Shell")

WScript.Echo("Creating backup file " & backup_file)
nResults = oShell.Run ("cmd /C" & arguments, 1, TRUE)
WScript.Echo(nResults)

Set oShell = Nothing

The following variable will be needed to be defined as per your need:

backup_dir = Should have the path to the directory that you want to save you backup file in.
user = Database user name that has full privileges over the database you want to backup.
password = Password of the database user.
database = Name of the database that you want to backup
sqldump = Path to mysqldump.exe, normally this is stored in MySQLbin directory.

To backup all database you can ignore the database variable and replace the first argument command with:

arguments = "--user=" & user & " --password=" & password & " --all-databases --quick
--result-file=" & backup_file

Now you can run the command below to execute the script on Windows server:

cscript c:myscriptsbackup-mysql-database.vbs

You can also schedule the above command to run on sceduled timining to backup the MySQL databases.

C:\DOCUME~1\USER~1\LOCALS~1\Temp\WER8bd7.dir00\appcompat.txt

Above error pop ups when Error Reporting is enabled on your system and w3wp.exe faces an error.
Windows Error Reporting increases Hard Disk space , by adding above pop ups in two different dump files i.e. HDMP and MDMP
HDMP (Heap Dump) – Uncompressed error dump file generated by Windows when a program has an error or crashes.
MDMP (Mini Dump) – Compressed Heap Dump files are saved as Mini dump (MDMP) files and may be sent to Microsoft as part of an error reporting process.

Windows Error Reporting settings are stored in Windows Registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting

However, if you do not choose to send files to Microsoft. These dump files will gradually go on clogging up your system disk space.
To avoid this you have to fix error in application and delete dump files present at
C:\WINDOWS\pchealth\ERRORREP\UserDumps

Read further for Customizing or disabling Windows Error Reportin.

Windows Error Reporting can be kept disabled or can be customize as per requirement.

On your Windows System >>> Right Click on My Computer >>> Click on Properties >>> Click on Advanced >>> Click on Error Reporting >>> You can Enable or Disable Error Reporting from here >> if you click on Enable >>> Click on Choose Programs for customizing.

To add w3wp.exe in exception list without Disabling Error Reporting navigate yourself as shown below : -

On your Windows System >>> Right click on My Computer >>> Click on Properties >>> Click on Advanced >>> Performance >>> Click on Settings >>> Click on Data
Execution Prevention >>> Turn on DEP for all programs and
services except those I select >>> Add w3wp.exe process in exception list
(Reboot not required)

For steps on Linux refer the link below:

How to install PHPMyAdmin on Linux

How to install phpMyAdmin 2.11 on Windows Desktop and Server

Here are steps that will help you installed PHPMyAdmin on a Windows server.

REQUIREMENTS:

>> PHP 4.3/4.4/5.1
>> MySQL 4.0/4.1/5.0

DOWNLOAD:

This installation was tested on phpMyAdmin-2.11.1
You can select the file from PHPMyAdmin Downloads

CONFIGURATION:

Configuration that needs to be noted, the one below are the one we have chozen. They might be different on your server:

Installation path: C:\www\phpMyAdmin (If you have Apache on your server then place out side of webroot of Apache)
Apache webroot : C:\www\webroot
My-SQL path : C:\www\mysql\bin
Access phpMyAdmin as : http://192.168.1.52/phpMyAdmin/

INSTALLING PHPMyAdmin:

1. Unpack the downloaded file phpMyAdmin-2.11.1.zip under the directory C:\www
2. Rename directory C:\www\phpMyAdmin-2.11.1 to C:\www\phpMyAdmin
3. Make a copy of C:\www\phpMyAdmin\libraries\config.default.php
4. Open the default configuration file of PHPMyAdmin C:\www\phpMyAdmin\libraries\config.default.php and make following changes:

a. Find:

$cfg['PmaAbsoluteUri'] = '';

Put the full URL of PHPMyAdmin in the quotes, you can replace the IP address with the IP address of your server or your domain name:

$cfg['PmaAbsoluteUri'] = 'http://192.168.1.52/phpMyAdmin/';

b. PHPMyAdmin can also try to auto-detect the proper value for the above directive if it is left as it is [BLANK] and the below line is changed to ‘TRUE’:

$cfg['PmaAbsoluteUri_DisableWarning'] = FALSE;

c. Authentication Method:

– For single-user (root or trusted) environment:

– Method 1 would be to prompt client for MySQL user/password, this option will only work if your database is not accessed by other users:

$cfg['Servers'][$i]['auth_type'] = 'http';

– Method 2 is to store MySQL user/password under config.ini.php file.

$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'root-password';

Please replace the user and password with the administrator user and password of your MySQL server.

d. Authentication Method — for multi-user (untrusted) environment, this will allow to give access to your developers or clients if it is a shared server in hosting environment.
This step is also required to for enabling phpMyAdmin’s relational features

$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';

Save the password: pmapass

e. Now we will have tp create MySQL controluser user ‘pma@localhost’ with password ‘pmapass’, and with the proper permissions to the user:

C:\www\mysql\bin> mysql -u root -p
mysql> GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';
Note the SQL password

mysql> GRANT SELECT (Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv) ON mysql.user TO 'pma'@'localhost';
mysql> GRANT SELECT ON mysql.db TO 'pma'@'localhost';
mysql> GRANT SELECT ON mysql.host TO 'pma'@'localhost';
mysql> GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv) ON mysql.tables_priv TO 'pma'@'localhost';
mysql> quit

CONFIGURING APACHE 2.0

a. If you run Apache as the webserver then you will follow the steps below:

Open file C:\www\Apache2\conf\httpd.conf to edit it and uncomment line (remove the beginning character ‘#’)
I would suggest you to backup the http.conf file incase you have messed it up.

LoadModule alias_module modules/mod_alias.so

b. Make sure directive ‘DirectoryIndex’ contains ‘index.php’ http.conf

DirectoryIndex index.html index.html.var index.php

c. Then add the following lines:


Alias /phpMyAdmin "C:/www/phpMyAdmin"



Options None
AllowOverride None
order deny,allow
deny from all
allow from 127.0.0.1


Do not forget to restart Apache once you have made the above changes and have saved the http.conf file.

CONFIGURING IIS6.0

a. Open IIS Webserver from START >> RUN: inetmgr
b. In IIS manager expand SERVER_NAME >> Web Sites and select Default WebSite.
c. In the Right pane right click in white soace and select New >> Virtual Directory.
d. In the Virtual Directory creation Wizard, click Next.
e. Give directory Alias (Name) as PHPMyadmin and click Next.
f. Click on Browse button and navigate to “C:\www\phpMyAdmin”
e. Select “Read”, “Run Script” & “Execute” and click Next.
g. Now Right click on the PHPMyAdmin Virtual directory and select permissions.
h. Give “Read & Execute” permissions to IUSR_ and inherit the permissions.
i. Right click on the PHPMyAdmin Virtual directory >> Properties >> Virtual Directory >> Configuration and map .php extention to PHP executable.

OPTIONAL CONFIGURATIONS:

Configuration for PHP v5:

These steps are only required if you want to use PHP5 for PHPMyAdmin, in PHP4 PHP extension php_mysql.dll is build in and extension php_mysqli is not supported.:

a. Edit file %SYSTEMROOT%\php.ini, under the ‘Dynamic Extensions’ Section:

Uncomment line:
;extension=php_mbstring.dll

If using MySQL v4.0 : Uncomment line
;extension=php_mysql.dll

If using MySQL v4.1 : Insert line
extension=php_mysqli.dll

Edit config.inc.php and update server extension line:
$cfg['Servers'][$i]['extension'] = 'mysqli';

Enable phpMyAdmin’s Relational Features:

Please make a note that these steps are required for “Authentication Method — for multi-user (untrusted) environment”

Edit phpMyAdmin’s configuration file C:\www\phpMyAdmin\config.inc.php:

$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
$cfg['Servers'][$i]['relation'] = 'pma_relation';
$cfg['Servers'][$i]['table_info'] = 'pma_table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma_column_info';
$cfg['Servers'][$i]['history'] = 'pma_history';
$cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';

Now Run phpMyAdmin’s sql script file ‘create_tables.sql’:

C:\www\mysql\bin> mysql -u root -p
mysql> source C:\www\phpMyAdmin\scripts\create_tables.sql
mysql> quit

That is it, you should be done with PHPMyAdmin installation on Windows.

• Click Start >> Run, to open the Run dialog box
• Here, type regedit to open the registry.
• Navigate to the following registry key – HKEY_LOCAL_MACHINE >> System >> CurrentControlSet >> Services >> NetBT >> Parameters
• On the right-hand pane find the option TransportBindName.
• Double
  click on TransportBindName and delete the existing default value.
• 
  click Ok

From the above, it is clear, that you have closed Port 445 by giving a blank value to TransportBindName for NetBT services.

close Port 135:

• Click Start >> Run, to open the Run dialog box
• Here, type regedit to open the registry
• Navigate to the following registry key – HKEY_LOCAL_MACHINE >> software >> microsoft >> Ole
• On thee right hand window pane find an option called EnableDCOM
• Double-click EnableDCOM and change the value from Y to N
• click Ok
• Close the Registry Editor and restart your computer

These steps will only work for a standalone servers. Any serveres that are in a cluster state such as Active Directory, SQL failover cluster, Network Load Balancing [NLB] or Windows Replication service that NEVER-EVER follow these steps as it will simply diable port 135 which is used my Distributed File System [DFS] for the servers to comunicate with each other. Disabling it will just wont allow the servers to communicate and the services will fail.

We have seen allot of people looking to have the best option to secure the connection string in their ASP .NET code to connect the MS SQL database since it contains the username and password of their database. It is very important to use a secure method for corporate clients and those who save Credit Card details in their MS SQL database. Or they will easily get hacked and all the important data will be exploited by the hacker. And also for those who store important data in MSSQL.

Here are the list of methods that can be used to secure your MS SQL connection string in your ASP.NET application.

METHODS:

1. Using a DSN connection string:

If you have the administrator users access to your Windows Server or use a control panel like Plesk then you can create a DSN with ODBC connector that stores the password of your database along with its name.

You will have to go to Start >> Administrative Tools >> Data Sources (ODBC) on your Windows Server with an account that has administrative privileges.

Or if you use a hosting control panel like Plesk that you can create the DSN from the control panel itself.

Once you have created the DNS you will have to mention it in your code as:

oConn.Open "DSN=mySystemDSN"

2. Store your connection string either in web.config or global.asa:

It is safe to have connection string stored in either web.config or global.asa, since IIS does not allow these files to be accessed from the browser. But it is recommended to enable custom errors in web.config or else the browser just displays the exact exact in the event of an error.

An example of web.config would be:

3. Encrypt your connection String stored in Web.config.

To make the connection string more secure you can encrypt your string if you application is written in ASP .NET 2 as this only possible with the new feature in asp.net 2.0 through the config API.

Steps to Encrypt your connection string in web.config:

– Create a connectionstring section in web.config :-

– Run the command below:

aspnet_regiis –pe -app optionally you can provide the machine or user store.

– Get the connection string:-

Response.Write(ConfigurationManager.ConnectionStrings

["Myconnstr"].connectionString.ToString());

– You can also encrypt:

– To decrypt the connection string use aspnet_regiis –pd with the same parameters.

– There are more option available, such as:

aspnet_regiis –pef
aspnet_regiis -pdf

4. Save the connection string in the Windows registry:

You can also save the connection string in the windows registry, the only problem here is you have to give appropriate permissions on the registry so that your web user is able to read the data fron the registry:

Procedure to follow:

Add a registry key for your application under SOFTWARE/[YOUR_COMPANY]/[YOUR_APP]
Add a string value for ConnectionString
Teach your ConnectionFactory to crack open the appropriate registry key (in a static constructor, not every page load).
Export the registry info as a .reg file, add it to source control, modify and apply it as necessary to set up additional machines.

You will also have to make sure that the user have appropriate rights on the register to read the data.

5. Save your connection string in a DLL.

You can also save the connection sting the to a DLL using Visual Studio but this includes few disadvantages like, you will gave to decrypt the DLL to make any changes in the connection string and then again encrypt it. This makes things very complicated for you to manage your applications and specially when you have a shared hosting package.

You must enable remote connections for each instance of SQL Server 2005 that you want to connect to from a remote computer. To do this, follow these steps:

1.    Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click MS SQL Server Surface Area Configuration.
2.    On the MS SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.
3.    On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Remote Connections, click Local and remote connections, click the appropriate protocol to enable for your environment, and then click Apply.

Note Click OK when you receive the following message:
Changes to Connection Settings will not take effect until you restart the Database Engine service.
4.    On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Service, click Stop, wait until the MSSQLSERVER service stops, and then click Start to restart the MSSQLSERVER service.

Enable the SQL Server Browser service

If you are running MS SQL Server 2005 by using an instance name and you are not using a specific TCP/IP port number in your connection string, you must enable the SQL Server Browser service to allow for remote connections. For example, MS SQL Server 2005 Express is installed with a default instance name of Computer Name\SQLEXPRESS. You are only required to enable the SQL Server Browser service one time, regardless of how many instances of SQL Server 2005 you are running. To enable the MS SQL Server Browser service, follow these steps.

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

1.    Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.
2.    On the MS SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.
3.    On the Surface Area Configuration for Services and Connections page, click SQL Server Browser, click Automatic for Startup type, and then click Apply.

Note When you click the Automatic option, the SQL Server Browser service starts automatically every time that you start Microsoft Windows.
4.    Click Start, and then click OK.

Note When you run the MS SQL Server Browser service on a computer, the computer displays the instance names and the connection information for each instance of SQL Server that is running on the computer. This risk can be reduced by not enabling the SQL Server Browser service and by connecting to the instance of SQL Server directly through an assigned TCP port. Connecting directly to an instance of SQL Server through a TCP port is beyond the scope of this article. For more information about the SQL Server Browser server and connecting to an instance of SQL Server, see the following topics in SQL Server Books Online:

•    SQL Server Browser Service
•    Connecting to the SQL Server Database Engine
•    Client Network Configuration

Create exceptions in Windows Firewall

These steps apply to the version of Windows Firewall that is included in Windows XP Service Pack 2 (SP2) and in Windows Server 2003. If you are using a different firewall system, see your firewall documentation for more information.

If you are running a firewall on the computer that is running SQL Server 2005, external connections to SQL Server 2005 will be blocked unless SQL Server 2005 and the SQL Server Browser service can communicate through the firewall. You must create an exception for each instance of SQL Server 2005 that you want to accept remote connections and an exception for the SQL Server Browser service.

MS SQL Server 2005 uses an instance ID as part of the path when you install its program files. To create an exception for each instance of MS SQL Server, you must identify the correct instance ID. To obtain an instance ID, follow these steps:

1.    Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Configuration Manager.
2.    In SQL Server Configuration Manager, click the SQL Server Browser service in the right pane, right-click the instance name in the main window, and then click Properties.
3.    On the SQL Server Browser Properties page, click the Advanced tab, locate the instance ID in the property list, and then click OK.

To open Windows Firewall, click Start, click Run, type firewall.cpl, and then click OK.

Create an exception for MS SQL Server 2005 in Windows Firewall

To create an exception for MS SQL Server 2005 in Windows Firewall, follow these steps:

1.    In Windows Firewall, click the Exceptions tab, and then click Add Program.
2.    In the Add a Program window, click Browse.
3.    Click the C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe executable program, click Open, and then click OK.

Note The path may be different depending on where SQL Server 2005 is installed. MSSQL.1 is a placeholder for the instance ID that you obtained in step 3 of the previous procedure.
4.    Repeat steps 1 through 3 for each instance of SQL Server 2005 that needs an exception.

Create an exception for the MS SQL Server Browser service in Windows Firewall

To create an exception for the SQL Server Browser service in Windows Firewall, follow these steps:

1.    In Windows Firewall, click the Exceptions tab, and then click Add Program.
2.    In the Add a Program window, click Browse.
3.    Click the C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe executable program, click Open, and then click OK.

Note The path may be different depending on where MS SQL Server 2005 is installed.

Whenever you plug a USB drive in your system (which you think is infected by virus), do not open it -  Do not click ‘OK’ !
click on ‘Cancel’. Now open Command Prompt by typing ‘cmd‘ in run box.
Type dir /w/a and press enter.
Above command will display list of files in pen drive. Check in the list if the files are not

* Heap41a
* New Folder.exe
* Autorun.inf
* svchost.exe
* Ravmon.exe
* or any other exe file which may be suspicious.

If any of the above files are present in the list, then your USB drive is infected. To remove these files, type the following command in command prompt
attrib -r -a -s -h *.* and press enter.
This will remove from files  Read Only, Archive, System and Hidden attributes .

The files which you will now be looking on are the junk files (viruses) and can be deleted using  del command. Delete all those files which you find suspicious. To be on a safer side, just scan again your  USB Pen drive using a anti virus to check whether it is free of virus or not.