Greetings all,
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
Thanks,
BrianYou propably need to firewall the server then.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
--
<tinbox@.nyct.net> schrieb im Newsbeitrag
news:1114053613.247153.87700@.o13g2000cwo.googlegroups.com...
> Greetings all,
> I am a network security professional rather than a MS SQL admin, so I
> apologize in advance if this is a bit of a basic question for this
> list. I know an admin setting up a SQL server that will only be
> accesible by a webserver running on the same host (not happy about
> running private vs publicly avaialable services on the same host , but
> it's what we've got). As such, I'd like to recommend to him that the
> SQL server only listen on the localhost ip, 127.0.0.1, thereby making
> it inaccesible to the outside world. I looked around the MS
> knowledgebase but couldn't find a clear document stating how to do
> this. Is it even possible? Is there a better option for this
> configuration?
> Thanks,
> Brian
>
Showing posts with label professional. Show all posts
Showing posts with label professional. Show all posts
Tuesday, March 27, 2012
binding SQL server to localhost?
Greetings all,
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
Thanks,
Brian
You propably need to firewall the server then.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
<tinbox@.nyct.net> schrieb im Newsbeitrag
news:1114053613.247153.87700@.o13g2000cwo.googlegro ups.com...
> Greetings all,
> I am a network security professional rather than a MS SQL admin, so I
> apologize in advance if this is a bit of a basic question for this
> list. I know an admin setting up a SQL server that will only be
> accesible by a webserver running on the same host (not happy about
> running private vs publicly avaialable services on the same host , but
> it's what we've got). As such, I'd like to recommend to him that the
> SQL server only listen on the localhost ip, 127.0.0.1, thereby making
> it inaccesible to the outside world. I looked around the MS
> knowledgebase but couldn't find a clear document stating how to do
> this. Is it even possible? Is there a better option for this
> configuration?
> Thanks,
> Brian
>
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
Thanks,
Brian
You propably need to firewall the server then.
HTH, Jens Suessmeyer.
http://www.sqlserver2005.de
<tinbox@.nyct.net> schrieb im Newsbeitrag
news:1114053613.247153.87700@.o13g2000cwo.googlegro ups.com...
> Greetings all,
> I am a network security professional rather than a MS SQL admin, so I
> apologize in advance if this is a bit of a basic question for this
> list. I know an admin setting up a SQL server that will only be
> accesible by a webserver running on the same host (not happy about
> running private vs publicly avaialable services on the same host , but
> it's what we've got). As such, I'd like to recommend to him that the
> SQL server only listen on the localhost ip, 127.0.0.1, thereby making
> it inaccesible to the outside world. I looked around the MS
> knowledgebase but couldn't find a clear document stating how to do
> this. Is it even possible? Is there a better option for this
> configuration?
> Thanks,
> Brian
>
binding SQL server to localhost?
Greetings all,
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
Thanks,
BrianYou propably need to firewall the server then.
HTH, Jens Suessmeyer.
--
http://www.sqlserver2005.de
--
<tinbox@.nyct.net> schrieb im Newsbeitrag
news:1114053613.247153.87700@.o13g2000cwo.googlegroups.com...
> Greetings all,
> I am a network security professional rather than a MS SQL admin, so I
> apologize in advance if this is a bit of a basic question for this
> list. I know an admin setting up a SQL server that will only be
> accesible by a webserver running on the same host (not happy about
> running private vs publicly avaialable services on the same host , but
> it's what we've got). As such, I'd like to recommend to him that the
> SQL server only listen on the localhost ip, 127.0.0.1, thereby making
> it inaccesible to the outside world. I looked around the MS
> knowledgebase but couldn't find a clear document stating how to do
> this. Is it even possible? Is there a better option for this
> configuration?
> Thanks,
> Brian
>sql
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
Thanks,
BrianYou propably need to firewall the server then.
HTH, Jens Suessmeyer.
--
http://www.sqlserver2005.de
--
<tinbox@.nyct.net> schrieb im Newsbeitrag
news:1114053613.247153.87700@.o13g2000cwo.googlegroups.com...
> Greetings all,
> I am a network security professional rather than a MS SQL admin, so I
> apologize in advance if this is a bit of a basic question for this
> list. I know an admin setting up a SQL server that will only be
> accesible by a webserver running on the same host (not happy about
> running private vs publicly avaialable services on the same host , but
> it's what we've got). As such, I'd like to recommend to him that the
> SQL server only listen on the localhost ip, 127.0.0.1, thereby making
> it inaccesible to the outside world. I looked around the MS
> knowledgebase but couldn't find a clear document stating how to do
> this. Is it even possible? Is there a better option for this
> configuration?
> Thanks,
> Brian
>sql
binding SQL server to localhost?
Greetings all,
I am a network security professional rather than a MS SQL admin, so I
apologize in advance if this is a bit of a basic question for this
list. I also cross-posted this to microsoft.public.sqlserver.server,
so sorry if anyone's read it already.
I know an admin setting up a SQL server that will only be
accesible by a webserver running on the same host (not happy about
running private vs publicly avaialable services on the same host , but
it's what we've got). As such, I'd like to recommend to him that the
SQL server only listen on the localhost ip, 127.0.0.1, thereby making
it inaccesible to the outside world. I looked around the MS
knowledgebase but couldn't find a clear document stating how to do
this. Is it even possible? Is there a better option for this
configuration?
It's been suggested that firewalling is the only option, but I'd really
like to do *both* (firewall & bind to localhost). The firewall in this
case will have to be host-based instead (software) instead of hardware
for non-technical reasons, so additionally if anyone recommends a
software firewall they use for this purpose I'd appreciate it. My firs
impulse is to recommend Tiny, but I've never used a software firewall
for an MS SQL/Web server before.
Thanks,
BrianOne option is to disable network access completely, and use only shared
memory for access to MSSQL (this is how MSDE operates by default since
SP3), so only applications running on the same machine will be able to
access it. Although someone could still attack MSSQL by compromising
the web server, or using SQL injection.
MSSQL itself doesn't provide any way to accept connections from
specified hosts - you would normally use the operating system's IP
filtering functions to do that.
Simon|||There isn't a way to have sql server listen on a specific ip. Sorry.
If you haven't already seen this, take a look at the Network
Configuration dialog on the general tab of the server's properties.
Two protocols are enabled by default. TCPIP is one of them, and you
can change the port and set it to ignore discovery broadcasts. That
would make the server invisible to anyone looking for it. However,
anyone who portscans the server would notice whatever port you put it
on and (I'd assume) be able to figure out that it's a SQL Server. So,
you do still need to firewall it.
The other protocol is called Named Pipes. That's basically using
memory to communicate. If the application you're developing supports
it, I'd suggest using this and turning off TCPIP support altogether.
This is probably faster anyway.
Chris
Monday, March 19, 2012
BIDS and SSMS very slow on Windows XP SP2
Hi,
opening SQL Server Management Studio 2005 or Business Intelligence Development Studio 2005 on my Windows XP SP2 Professional Edition is extremely slow. Espacially in BIDS it take several seconds for each action.
Is anybody aware of this problem? We didn't have those problems on Win2000 so I guess it is XP related.
Any ideas?
Regards
Norbert Bender
http://www.sql-server-performance.com//faq/?f=144|||I added the /nosplash option but it didn't change anything. It is still very slow. Any other idea?
Regards
Norbert
|||I would guess sometimes it take forever, when I had that problem I've uninstalled and resinstalled the tools which gave me senisble performance on that aspect.
|||I would start by making sure you have sufficient memory on the machine. Both SSMS and BIDS have a large number of .NET managed code components. .NET applications use quite a bit of memory, so they are much more performant on machines with lots of memory. SSMS runs fine on my 1.2 GHz P3 laptop, but it has 1GB of RAM.
Next, if you are running SSMS on the same machine as SQL Server, and if this is a development environment, I would limit the amount of RAM available to SQL Server. By default, SQL Server will use every available byte of memory on the machine if it thinks it needs it. This is a good thing for production servers where server performance is everything, but this tends to starve other applications running on the server. On my laptop, I limit the server to 128 MB of RAM, which is sufficient for testing purposes. If you are working with a production server, consider running SSMS or BIDS on a different machine and connecting remotely to the server.
Next, consider what else you are running in the background. If you are running a large number of applications, you might not have a lot of memory left for SSMS or BIDS. If you are running some application that is using the disk drive continuously, that can hurt performance too. The file system runs at very high priority and can monopolize the system if there are lot of reads and writes going on, particularly on single processor machines. My laptop becomes basically unusable while I'm compiling a large code-base, for example.
Last, if possible, make sure your machine can connect to the internet. The .NET runtime validates that the certificates that code is signed with are valid when applications start. Part of this operation requires the runtime to get the list of revoked certificates from the http://crl.microsoft.com website to make sure the code wasn't signed with a revoked certificate. (Some fake certificates were issued in Microsoft's name a few years back, so this is a real concern.) If the runtime can't quickly connect to the website, it can take up to 45 seconds for the operation to time-out completely. You can turn this check off, but it's fairly dangerous to do that on machines that are sometimes connected to the internet.
Hope this helps,
Steve
Thanks for those detailed information. I guess the last issue is it, as the account I am using is not the one, which is allowed to connect to the internet.
I will try this and I will give you feedback asap.
Regards nad thanks
Norbert
|||Thanks for the hints. I checked the permissions for the account and they can access the internet, so I guess, this isn't the solution. My client has has 1 GB to as RAM and ususally I do not have memory intensive apps running. I think I will reinstall the whole software maybe this helps
Regards
Norbert
BIDS and SSMS very slow on Windows XP SP2
Hi,
opening SQL Server Management Studio 2005 or Business Intelligence Development Studio 2005 on my Windows XP SP2 Professional Edition is extremely slow. Espacially in BIDS it take several seconds for each action.
Is anybody aware of this problem? We didn't have those problems on Win2000 so I guess it is XP related.
Any ideas?
Regards
Norbert Bender
http://www.sql-server-performance.com//faq/?f=144|||I added the /nosplash option but it didn't change anything. It is still very slow. Any other idea?
Regards
Norbert
|||I would guess sometimes it take forever, when I had that problem I've uninstalled and resinstalled the tools which gave me senisble performance on that aspect.
|||I would start by making sure you have sufficient memory on the machine. Both SSMS and BIDS have a large number of .NET managed code components. .NET applications use quite a bit of memory, so they are much more performant on machines with lots of memory. SSMS runs fine on my 1.2 GHz P3 laptop, but it has 1GB of RAM.
Next, if you are running SSMS on the same machine as SQL Server, and if this is a development environment, I would limit the amount of RAM available to SQL Server. By default, SQL Server will use every available byte of memory on the machine if it thinks it needs it. This is a good thing for production servers where server performance is everything, but this tends to starve other applications running on the server. On my laptop, I limit the server to 128 MB of RAM, which is sufficient for testing purposes. If you are working with a production server, consider running SSMS or BIDS on a different machine and connecting remotely to the server.
Next, consider what else you are running in the background. If you are running a large number of applications, you might not have a lot of memory left for SSMS or BIDS. If you are running some application that is using the disk drive continuously, that can hurt performance too. The file system runs at very high priority and can monopolize the system if there are lot of reads and writes going on, particularly on single processor machines. My laptop becomes basically unusable while I'm compiling a large code-base, for example.
Last, if possible, make sure your machine can connect to the internet. The .NET runtime validates that the certificates that code is signed with are valid when applications start. Part of this operation requires the runtime to get the list of revoked certificates from the http://crl.microsoft.com website to make sure the code wasn't signed with a revoked certificate. (Some fake certificates were issued in Microsoft's name a few years back, so this is a real concern.) If the runtime can't quickly connect to the website, it can take up to 45 seconds for the operation to time-out completely. You can turn this check off, but it's fairly dangerous to do that on machines that are sometimes connected to the internet.
Hope this helps,
Steve
Thanks for those detailed information. I guess the last issue is it, as the account I am using is not the one, which is allowed to connect to the internet.
I will try this and I will give you feedback asap.
Regards nad thanks
Norbert
|||Thanks for the hints. I checked the permissions for the account and they can access the internet, so I guess, this isn't the solution. My client has has 1 GB to as RAM and ususally I do not have memory intensive apps running. I think I will reinstall the whole software maybe this helps
Regards
Norbert
BIDS and SSMS very slow on Windows XP SP2
Hi,
opening SQL Server Management Studio 2005 or Business Intelligence Development Studio 2005 on my Windows XP SP2 Professional Edition is extremely slow. Espacially in BIDS it take several seconds for each action.
Is anybody aware of this problem? We didn't have those problems on Win2000 so I guess it is XP related.
Any ideas?
Regards
Norbert Bender
http://www.sql-server-performance.com//faq/?f=144|||I added the /nosplash option but it didn't change anything. It is still very slow. Any other idea?
Regards
Norbert
|||I would guess sometimes it take forever, when I had that problem I've uninstalled and resinstalled the tools which gave me senisble performance on that aspect.
|||I would start by making sure you have sufficient memory on the machine. Both SSMS and BIDS have a large number of .NET managed code components. .NET applications use quite a bit of memory, so they are much more performant on machines with lots of memory. SSMS runs fine on my 1.2 GHz P3 laptop, but it has 1GB of RAM.
Next, if you are running SSMS on the same machine as SQL Server, and if this is a development environment, I would limit the amount of RAM available to SQL Server. By default, SQL Server will use every available byte of memory on the machine if it thinks it needs it. This is a good thing for production servers where server performance is everything, but this tends to starve other applications running on the server. On my laptop, I limit the server to 128 MB of RAM, which is sufficient for testing purposes. If you are working with a production server, consider running SSMS or BIDS on a different machine and connecting remotely to the server.
Next, consider what else you are running in the background. If you are running a large number of applications, you might not have a lot of memory left for SSMS or BIDS. If you are running some application that is using the disk drive continuously, that can hurt performance too. The file system runs at very high priority and can monopolize the system if there are lot of reads and writes going on, particularly on single processor machines. My laptop becomes basically unusable while I'm compiling a large code-base, for example.
Last, if possible, make sure your machine can connect to the internet. The .NET runtime validates that the certificates that code is signed with are valid when applications start. Part of this operation requires the runtime to get the list of revoked certificates from the http://crl.microsoft.com website to make sure the code wasn't signed with a revoked certificate. (Some fake certificates were issued in Microsoft's name a few years back, so this is a real concern.) If the runtime can't quickly connect to the website, it can take up to 45 seconds for the operation to time-out completely. You can turn this check off, but it's fairly dangerous to do that on machines that are sometimes connected to the internet.
Hope this helps,
Steve
Thanks for those detailed information. I guess the last issue is it, as the account I am using is not the one, which is allowed to connect to the internet.
I will try this and I will give you feedback asap.
Regards nad thanks
Norbert
|||Thanks for the hints. I checked the permissions for the account and they can access the internet, so I guess, this isn't the solution. My client has has 1 GB to as RAM and ususally I do not have memory intensive apps running. I think I will reinstall the whole software maybe this helps
Regards
Norbert
BIDS (VS 2005 Professional) Hangs
Occasionally, when I try to edit a package I get an error. Visual studio is busyfound VS hanged.
It is specific to my machine or a common problem.
You are not the only person. For me, VS usually hangs for only a minute or so.
|||I hope it will be corrected in 2008 version.BIDS (VS 2005 Professional) Hangs
Occasionally, when I try to edit a package I get an error. Visual studio is busyfound VS hanged.
It is specific to my machine or a common problem.
You are not the only person. For me, VS usually hangs for only a minute or so.
|||I hope it will be corrected in 2008 version.
Subscribe to:
Posts (Atom)