I have a database hosted on one server which has a linked server connection to another server which houses data for a custom application. The database with the linked server connection needs to insert sensitive data from a table into the database hosted on the linked server for the custom application.
I followed this guide (https://www.mssqltips.com/sqlservertip/2431/sql-server-column-level-encryption-example-using-symmetric-keys/) and created the symmetric key on the server which is used for the custom application and I can insert and read encrypted data fine on the custom application server.
As you can see in Step 3 above, i create a MASTER KEY in the database on the custom application server. What I want to do now, is use:
INSERT INTO LinkedServer.Table
SELECT EncryptByKey(Key_GUID('myKey'), someColumn), etc
FROM SensitiveData.Table
After all of that, my question is, since this key only exists on the linked server used for the custom application, I get an error when trying to EncryptByKey on the INSERT from the sensitive data server to custom application server with the message:
Remote function reference 'LinkedServer.DatabaseName.dbo.EncryptByKey'
is not allowed, and the column name 'LinkedServer' could not be found
or is ambiguous.
Should I create the same Key on the sensitive data server so it can encrypt from there and is there any security risk in doing that? Or is there some syntaxual way to tell it to use the key on the linked server to do the encryption? Or a final way I thought to do it was create another table in the custom application server, insert the data from the sensitive data server as it normally appears, put a trigger on that table and After Insert, use the Master Key on the custom application server to encrypt the data, move it into the table I want the encrypted data saved in, and delete it from the new table?
This is how I tackled this issue.
I created a temp table in my linked server database to hold the plain text data.
I set an AFTER INSERT trigger on the temp table to insert into the encrypted table using the MASTER KEY on the linked server to encrypt all the values.
Deleted all data from the temp table.
This gets the job done, I'm still unsure of whether I approached this situation correctly, so feel free to comment or add an answer to this post.
Related
If I have a tool that writes data to Access but one of the tables is a linked table, how exactly is the data written to that linked table? Does the data get off-handed to Access and then within Access, Access handles the writing of the data? Or is a kind of link provided to the tool and then the tool writes directly to the table?
The reason for asking is that I've encountered times where some automated tools that I work with will or won't write to a linked table and I'm curious of how to ensure that data is always written.
Usually, all data is written via the Access Database Engine, unless you're doing something weird.
In most situations, it works like this:
Tool submits a query via OLEDB/ODBC/DAO to the Access Database Engine (DAO360.DLL/ACEDAO.DLL)
Access Database Engine determines which data should be read/written to where (to the file/remote data source)
Access Database Engine uses the connect property of the linked table to try and open a connection if necessary, and creates a new query or multiple queries in the appropriate SQL dialect
Access Database Engine submits query/queries via the opened connection
However, this can go wrong:
The tool doesn't actually use the Access Database Engine at all, but tries to directly write the file (via UCanAccess/MDBTools/proprietary driver), and those don't support linked connections at all
The connection string in the linked table requires an ODBC driver, password, resource, or something else that's not present or not in the right place
The linked table requires some sort of implicit authentication (e.g. SharePoint), and this doesn't happen
The data source used by the linked table requires a specific lock type (e.g. dbSeeChanges for opening a Dynaset-type recordset on SQL server) which is not used by the tool
And of course, many, many more things can go wrong (in fact, I crashed Excel in an attempt to test reading a linked SharePoint lists while writing this answer).
I am trying to setup ejabberd as IM solution for my project, which will be mobile app + backend. I am using SQL auth (and SQL store for all modules also), using MSSQL via ODBC. I have some questions I didnt find answered in docs.
Do I understand correctly, that ejabberd is multi-tenant (since it can support multiple domains). If so, how are users assigned to particular tenant (domain)? In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
I want to create XMPP accounts on ejabberd automatically (user doesnt need to know anything about underlaying service) - do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
In users table in DB, there is only username (without domain part). Can I have two different users john#jabber.myproject.com and john#jabber.myotherproject.net ?
Create a new database for each vhost, and use the host_config option in ejabberd.yml to tell which database to use for each vhost:
https://docs.ejabberd.im/admin/configuration/#database-and-ldap-configuration
Or you can enable the new SQL schema, see https://blog.process-one.net/ejabberd-18-03/
do I need to register users via API, or can I insert rows directly into DB table users and ejabberd will be OK with it?
Both are acceptable. In the second case, there are chances that some task performed at account registration is missing in your server, but I don't remember any module that performs any task at account registration. So, it looks OK.
I am creating a MYSQL database. I want to be able to have a table that is essentially a live link to an MSAccess database used elsewhere in the business. That would provide the core users/clients information and then I would use that to drive the functionality within the new database. I can connect MSAccess in MySQL or import it, but is there a way to do it as a linked table into MySQL
Edit: Just to make it clear- the MYSQL needs to pull the data from the MSAccess dB
Business wise you have to make a feed API online that gets information from the mysql DB in feeds form (either json or xml).
second step is to read from the feeds and insert or update your data in the MSAccess
Using MySQL Workbench, I created an ERD and database schema. I've deployed the database to my production server and have live data.
I now need to modify my schema. Instead of making changes on the live server database, I would like to modify the ERD, test it, and then create a modify script to deploy on the production server. Obviously, I do not wish to loose data, and thus cannot drop a table or column and then add new ones.
Is this possible to do with MySQL workbench? If so, how?
This is possible and it's called "Synchronization". This is a two-way merge between a model and a live database. Synchronization doesn't touch the data in the schema, but as usual, when you modify a db structure (removing tables or columns) the associated data is lost, regardless how you do that. So take care for proper backups.
I have databases in my system and also put database on web server also, so when I update my system database data I ll have to then replace or add data into web database.
but
problem is that I am doing changes in database to some specific record frequently for testing purpose.
So I want some mechanism that will used to export some specific records to sql file with insert statement.
Suppose I have made change in table tbl1 and added 10 records to it.
So right now I am manually adding or replacing whole table on web database.
So is there any mechanism in MySql or in Workbench using that I can export specific records.
Any Help for that.
The only automatic solution is to use replication, but that is probably not a good solution for your scenario. So what remains is some manual process. Here are some ideas:
Write a script that writes specific records into a dump file.
Then use a different script to load this dump file into your
target server.
If you frequently change the same records you could create a script
with insert statements that you edit for each new value and run
against both your local and your remote (web) server.