Showing posts with label tool. Show all posts
Showing posts with label tool. Show all posts

Friday, March 30, 2012

Is it possible to read/write a file at privilege?

hello.
I saw some systems which were hacked by sql injection tool
And some files of the systems were changed. I guess the tool tried to
read/write files.
howerver, the user privilege is not 'sa'. Is it possible for user who
is not 'sa' to read/write files?
If it is possible, how can I prevent the tools from reading/writing
files even if my web page is injectable?dodol (Dolka1@.gmail.com) writes:
> I saw some systems which were hacked by sql injection tool
> And some files of the systems were changed. I guess the tool tried to
> read/write files.
> howerver, the user privilege is not 'sa'. Is it possible for user who
> is not 'sa' to read/write files?
It could be another user with sysadmin rights. Or execution rights might
have been granted on xp_cmdshell or sp_OAxxx.

> If it is possible, how can I prevent the tools from reading/writing
> files even if my web page is injectable?
Make sure that xp_cmdshell and the sp_OAxxx procedures are disabled.
Make sure that SQL Server runs on a domain account that has no extra
privileges. The less welcome it is in the rest of the network the better.
But the main line of defence is of course to use stored procedure or
parameterised statements and never interpolate incoming stuff into
query strings.
Erland Sommarskog, SQL Server MVP, esquel@.sommarskog.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx
Posted by subtractionpasl at 2:44 AM 0 comments
Labels: , , , , , , , , , , , , , , , ,

Wednesday, March 21, 2012

Is it possible to create a bar code in SQL reporting?

I need to be able to create a bar code in SQL reports. Do I need to get a three party tool or do you have anything that can help.

Thanks

SQL Server Report needs nothing. What you need it's a font. You have to look for a ttf with eg bar code 39 or other encoding. Unfortunattly goods ttf aren't free.
When you've got the font then replace the font of the field wich has the code and that's all.
Good luck in your search.|||thanks|||

I found a better choice instead of using fonts.

Barcode Professional .NET for Reporting Services

http://www.neodynamic.com/Products/BCRS/BarcodeRS.aspx?tabid=78&prodid=7

Cheers

|||

Or you could try this Windows Form Control that supports Reporting Services.

http://www.technoriversoft.com/developer.html

|||

Hi, I am trying to use a TTF font, and it prints out but the bar code reader is not reading the font.

In Crystal, I had to put an * before after the value.

In Excel, it works the same way.

But in SRS 2000, it will not work.

My expression is

="*"& Fields!MANUFACTUREORDER_I.Value.Trim() & "*"

I have also tried using the plus instead of *.

The font I am using is Free 3 of 9 Extended.

thanks for you help.

|||

IT is not good way

it is because when you compile the report into production server.

when user print it, it will show the text rather than bar code....

|||

As Inamori has stated. Everything works fine until the report is compiled into a productions server. At that point the barcode is shown as clear text.

So what exactly is the fix. Was one ever found?

Posted by subtractionpasl at 6:24 AM 0 comments
Labels: , , , , , , , , , , , ,

Is it possible to create a bar code in SQL reporting?

I need to be able to create a bar code in SQL reports. Do I need to get a three party tool or do you have anything that can help.

Thanks

SQL Server Report needs nothing. What you need it's a font. You have to look for a ttf with eg bar code 39 or other encoding. Unfortunattly goods ttf aren't free.
When you've got the font then replace the font of the field wich has the code and that's all.
Good luck in your search.|||thanks|||

I found a better choice instead of using fonts.

Barcode Professional .NET for Reporting Services

http://www.neodynamic.com/Products/BCRS/BarcodeRS.aspx?tabid=78&prodid=7

Cheers

|||

Or you could try this Windows Form Control that supports Reporting Services.

http://www.technoriversoft.com/developer.html

|||

Hi, I am trying to use a TTF font, and it prints out but the bar code reader is not reading the font.

In Crystal, I had to put an * before after the value.

In Excel, it works the same way.

But in SRS 2000, it will not work.

My expression is

="*"& Fields!MANUFACTUREORDER_I.Value.Trim() & "*"

I have also tried using the plus instead of *.

The font I am using is Free 3 of 9 Extended.

thanks for you help.

|||

IT is not good way

it is because when you compile the report into production server.

when user print it, it will show the text rather than bar code....

|||

As Inamori has stated. Everything works fine until the report is compiled into a productions server. At that point the barcode is shown as clear text.

So what exactly is the fix. Was one ever found?

sql
Posted by subtractionpasl at 6:24 AM 0 comments
Labels: , , , , , , , , , , , ,

Is it possible to create a bar code in SQL reporting?

I need to be able to create a bar code in SQL reports. Do I need to get a three party tool or do you have anything that can help.

Thanks

SQL Server Report needs nothing. What you need it's a font. You have to look for a ttf with eg bar code 39 or other encoding. Unfortunattly goods ttf aren't free.
When you've got the font then replace the font of the field wich has the code and that's all.
Good luck in your search.|||thanks|||

I found a better choice instead of using fonts.

Barcode Professional .NET for Reporting Services

http://www.neodynamic.com/Products/BCRS/BarcodeRS.aspx?tabid=78&prodid=7

Cheers

|||

Or you could try this Windows Form Control that supports Reporting Services.

http://www.technoriversoft.com/developer.html

|||

Hi, I am trying to use a TTF font, and it prints out but the bar code reader is not reading the font.

In Crystal, I had to put an * before after the value.

In Excel, it works the same way.

But in SRS 2000, it will not work.

My expression is

="*"& Fields!MANUFACTUREORDER_I.Value.Trim() & "*"

I have also tried using the plus instead of *.

The font I am using is Free 3 of 9 Extended.

thanks for you help.

|||

IT is not good way

it is because when you compile the report into production server.

when user print it, it will show the text rather than bar code....

|||

As Inamori has stated. Everything works fine until the report is compiled into a productions server. At that point the barcode is shown as clear text.

So what exactly is the fix. Was one ever found?

Posted by subtractionpasl at 6:23 AM 0 comments
Labels: , , , , , , , , , , , ,

Is it possible to create a bar code in SQL reporting?

I need to be able to create a bar code in SQL reports. Do I need to get a three party tool or do you have anything that can help.

Thanks

SQL Server Report needs nothing. What you need it's a font. You have to look for a ttf with eg bar code 39 or other encoding. Unfortunattly goods ttf aren't free.
When you've got the font then replace the font of the field wich has the code and that's all.
Good luck in your search.|||thanks|||

I found a better choice instead of using fonts.

Barcode Professional .NET for Reporting Services

http://www.neodynamic.com/Products/BCRS/BarcodeRS.aspx?tabid=78&prodid=7

Cheers

|||

Or you could try this Windows Form Control that supports Reporting Services.

http://www.technoriversoft.com/developer.html

|||

Hi, I am trying to use a TTF font, and it prints out but the bar code reader is not reading the font.

In Crystal, I had to put an * before after the value.

In Excel, it works the same way.

But in SRS 2000, it will not work.

My expression is

="*"& Fields!MANUFACTUREORDER_I.Value.Trim() & "*"

I have also tried using the plus instead of *.

The font I am using is Free 3 of 9 Extended.

thanks for you help.

|||

IT is not good way

it is because when you compile the report into production server.

when user print it, it will show the text rather than bar code....

|||

As Inamori has stated. Everything works fine until the report is compiled into a productions server. At that point the barcode is shown as clear text.

So what exactly is the fix. Was one ever found?

Posted by subtractionpasl at 6:23 AM 1 comments
Labels: , , , , , , , , , , , ,

Friday, March 9, 2012

Is it MS SQLServer or something else?

I am using a tool called AppDetective to identify database servers and
then to scan them for vulnerabilities.

I've just been handed a list of machines and have been asked to
determine which ones are actually MS SQLServer. (AppDetective says
that all of the systems on the list have MS SQLServer).

Does MS SQLServer make use of the same engine/port arrangements for
its other applications such as MS Access?

I've also heard that the engine (Jett?) is also used in some other
Windows components, which is why the AV systems had such problems with
Slammer last year. Is this true?

Thanks in advance"Byrocat" <bdealhoy@.sympatico.ca> wrote in message
news:b47d3acf.0502090633.251c12da@.posting.google.c om...
>I am using a tool called AppDetective to identify database servers and
> then to scan them for vulnerabilities.
> I've just been handed a list of machines and have been asked to
> determine which ones are actually MS SQLServer. (AppDetective says
> that all of the systems on the list have MS SQLServer).
> Does MS SQLServer make use of the same engine/port arrangements for
> its other applications such as MS Access?
> I've also heard that the engine (Jett?) is also used in some other
> Windows components, which is why the AV systems had such problems with
> Slammer last year. Is this true?
> Thanks in advance

I don't know how AppDetective identifies an MSSQL installation, but if it's
reporting machines which you don't believe have MSSQL, it may be that they
have MSDE instead - it's a throttled version of MSSQL for small
applications. If any of the apps listed here are installed, that may be why
they appear in AppDetective:

http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=31

Some people installed these apps without realising that they included MSDE,
so they did get hit by Slammer, despite believing that they had no MSSQL
installations. As of SP3a, network access to MSDE is disabled by default, to
prevent attacks on MSDE installations which are only used locally.

The Jet engine is used by Access, which doesn't listen on any ports since it
isn't a server.

Simon

Posted by subtractionpasl at 7:50 AM 0 comments
Labels: , , , , , , , , , , , , , , ,

Monday, February 20, 2012

Is Cross-Validation (or Rotation Estimation) available in SQL Server?

Dear forum users,

I am a newbie in using MS SQL server with analysis services.
There seems to be no 'cross-validation' tool in MS SQL
which is frequently used in data mining and even statistics.
Is there anyone having similar difficulties?
Is there any solution like a small scripts to divide
the given dataset with multiple folds?
Your valuable comments and feedbacks would be appreciated.

Minnetongka

We have implemented cross-validation as part of a larger "model evaluation" module on top of the data mining algorithm implementations in SQL-Server 2005 Analysis Services. This is done by implementing sampling on top of the source case/nested tables and then utilizing the Analysis Services APIs (in C#) to train predictive models over training sets and then execute the appropriate prediction join over the testing sets to collect model performance metrics.

We commonly use this "model evaluation" model to automate the process of finding the most accurate predictive models for a given application.

Although we can't make our module publicly available at this time, let me know if you're interested in more information.

Thanks,

- Paul Bradley

Posted by subtractionpasl at 12:04 AM 0 comments
Labels: , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)