August 20, 2008 at 5:56 am
Hi!! I have been member of this site for some time, and this is my first cry for help.. 😀
I have just set up SQL Server 2000 Personal Edition and .Net 2003 Professional on Windows XP SP3 at home (FYI, I work on .Net 2003 and SQL Server 2000 in my company, and have been working with them for more than a year).
I created a new vb.net project for a home-based business we are starting. But trying to do my first table insert from .net, I get a "login error" when trying to open the connection.
The connection string I use is "Server=[serverIP];Database=[databasename];User ID=sa;Password=;". When I installed SQL Server I made sure the sa user was configured without a password (that's how we have it set in my company's server), and the connection string structure is exactly the same as we use there... I also made sure that the sa user is configured as a user in the new database I created, and that has full privileges...
Any hint anyone???
Thanks from Argentina 😛
Juan P. Realini
Buenos Aires, Argentina
Web Developer, .Net Developer,
Windows Applications, SQL Server 2000
"A man's gotta do what a man's gotta do... that is, do all his wife says... "
August 22, 2008 at 5:25 am
You've tested the sa login manually right? I mean you can connect to from Query Analyser?
A bit off topic, but I strongly recommend that you DO NOT have a blank sa password or that you use it within application connection strings.
August 22, 2008 at 5:42 am
Check the SQL server logs to see what the error number is this will give you a clue as to why the login has failed.
I also would not reccommend using SA and a blank password at all..
August 27, 2008 at 5:57 am
Have you installed named instance of SQL Server?
I would use 'Server Explorer' (in VS 2003, View->Server Explorer') and use 'Connect to Database' to create connection to your server. After you will create connection, right click select properties of the connection, the 'Properties' window will appear and just copy and paste created connection string.
This is connection string to SQL Server 2000, using windows authentications instead of blank SA password.
Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=[Database Name];Data Source=[Server IP]\[Instance Name];Packet Size=4096;
August 27, 2008 at 6:23 am
Thanks for the tips... I changed the connection string and it finally worked. I can't remember how it goes right now, but I will post it so you guys can take a look and tell me if even when it's working, it is the right and safe way to connect to the DB...
Regarding the SA user without password... I have configured it that way because it's a testing environment at home... But is it dangerous anyway, considering that I have a cablemodem connection? I have a firewall setup and everything but maybe it is still not adviceable to do so... you tell me
Thanks for everything...
Juan P. Realini
Buenos Aires, Argentina
Web Developer, .Net Developer,
Windows Applications, SQL Server 2000
"A man's gotta do what a man's gotta do... that is, do all his wife says... "
August 27, 2008 at 6:50 am
Still not advisable, no.
Two of the golden rules around security are to ensure you have a non default port number and ensure that you have a strong SA password.
August 27, 2008 at 7:14 am
Juan,
It's a poor habit to get into. Even with a firewall, what if that changes? What if you take your machine to another location to deploy something? What if a trojan/javascript/some other type of code bypasses your firewall and starts looking for SQL Servers? They run on a standard port, and sa/blank is how the SQL Slammer worm shut down thousands of computers a couple years ago. All because of sa/blank, and most of those companies had strong firewalls.
Just don't use sa/blank. If your company does it, it's negligent and arguably criminal for clients if something happens.
August 27, 2008 at 7:17 am
Also you shouldn't be using SA account for the application to connect to SQL Server instance, even with very very strong password, create seperated SQL Server login map it to user in your [database].
For created database grant it with db_datareader and db_datawriter roles.
Using SA account even during development, usually results in using it on production, as when the project is deployed, there are other 'more important' things to do, than making application more secure.
August 27, 2008 at 7:41 am
Ouch!!! That hurt....
I will follow all this good advice... You can bet on it... 🙂
Thanks
Juan P. Realini
Buenos Aires, Argentina
Web Developer, .Net Developer,
Windows Applications, SQL Server 2000
"A man's gotta do what a man's gotta do... that is, do all his wife says... "
March 17, 2009 at 8:27 am
Hi!.. it's been a long time... Just want to use this post to ask you guys to take a look at this other post I added some time ago
http://www.sqlservercentral.com/Forums/Topic670142-1042-1.aspx
I really need help with this one...
Thanks
JP
Juan P. Realini
Buenos Aires, Argentina
Web Developer, .Net Developer,
Windows Applications, SQL Server 2000
"A man's gotta do what a man's gotta do... that is, do all his wife says... "
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply