This is the pymysql code I am using to connect to the database. I am testing with an AWS RDS Mysql instance with Mysql verison 5.7.22. I am getting the certificate from https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
pymysql.connect(secret_dict['host'], user=secret_dict['username'],
passwd=secret_dict['password'], port=port, db=dbname,
connect_timeout=5, ssl={'ca': './rds-combined-ca-bundle.pem'})
This code works with my test database with the user with ssl enabled and the user wo ssl enabled. - (Via ALTER USER 'encrypted_user'#'%' REQUIRE SSL; )
My question is is this pymysql behavior that I am seeing true of any MySQL verison database or documented anywhere? The behavior I am referring to is that if you add the ssl option to the connect call, it should work (successful connection) regardless or not the actual user has SSL required on it. I prefer not to test with every Mysql version :)
From taking a look at the pymysql code, what it seems to do is check if there are any ssl parameters associated with the request, adds it to an ssl map, and then creates a ctx_object from that ssl map and uses that ctx_ object when initializing a socket with the database.
Just found this on the Mysql 7 documentation guide
"On the server side, the --ssl option specifies that the server permits but does not require encrypted connections. This option is enabled by default, so it need not be specified explicitly."
"By default, MySQL client programs attempt to establish an encrypted connection if the server supports encrypted connections, with further control available through the --ssl-mode option:"
"In the absence of an --ssl-mode option, clients attempt to connect using encryption, falling back to an unencrypted connection if an encrypted connection cannot be established. This is also the behavior with an explicit --ssl-mode=PREFERRED option."
"PREFERRED: Establish an encrypted connection if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established. This is the default if --ssl-mode is not specified."
So I believe what's happening is that pymysql doesn't specify the ssl-mode option so the ssl client side mode being used is PREFERRED which means that the client(pymysql) will try to establish an ssl connection(which I think fails because the user doesn't require it) and then fallback to the unencrypted connection which will be successful.
EDIT for present day readers
This was a bug in an old version of DBeaver that was subsequently fixed.
I am getting an 'access denied' error trying to connect to a Google Cloud SQL MySQL instance with SSL in DBeaver.
I am able to:
connect to the server with the same SSL credentials in MySQL Workbench
connect without SSL credentials (through user name / password) in DBeaver.
Any suggestions why this might be?
You can add connection with SSL support, at least in latest version for today (5.1). Create connection as usual, then skip testing and go to next step, then on SSL tab select "Require SSL" and unselect other checkboxes if selected, then test the connection.
in dbeaver the ssl connection configuration is available but it is not working and it is not implemented, it took me a day to find out that this is because of dbeaver bug. If you need to connect through ssl to Postgres, you can use 'DataGrip' instead.
As mentioned here:
https://dbeaver.io/forum/viewtopic.php?f=2&t=1921
'Currently DBeaver doesn't support SSL connections out of the box.
You could try to configure it manually if you are familiar with Java (instructions are at https://jdbc.postgresql.org/documentati ... lient.html).
Easy SSL support is in TODO and will be added in one of next versions.'
I get to do access database in DBeaver updating only useSSL = true in Driver Properties. See the picture:
Verify if the useSSL property is set to TRUE in data-sources.json. In windows its path is path-to-user/AppData\Roaming\DBeaverData\workspace6\General\.dbeaver\data-sources.json.
I had a similar issue. I am using DBeaver version Version 22.1.0.202206051253.
I noticed even though the driver properties would show useSSL=true, it was not set.
As a result, it throws Access denied for user xxxxxx-XXXXX'#'XXX:XX:X:X' (using password: YES).
In 'Connection Settings' navigate to 'Driver Properties' check whether the 'useSSL' value is 'true' or 'false'. If 'false' make it 'true' and finish.
If value is 'true' first make it 'false' and again change value to 'true'. Then try to connect to databse. It should be success. Most of time that useSSL value not getting correctly by json file. Hence this will update it again.
Let me begin by saying, I am aware of this thread and others around the web that seek to trouble shoot this issue.
The solutions posted there do not apply to my issue. I have spent 5 hours trying to resolve this before deciding to ask the question.
The problem:
When I attempt to log into SSMS (or connect from a java application) using SQL Authentication I get this error:
A connection was successfully established with the server, but then an
error occurred during the login process. (provider: Shared Memory
Provider, error: 0 - No process is on the other end of the pipe.)
(Microsoft SQL Server, Error: 233)
Although it does work, it is not an option for me to use integreated authentication.
The database I am attempting to connect to is on the same machine as my SSMS instance. There is no network, this is a stand-alone system.
NAMED PIPES is ENABLED in my configuration, I HAVE rebooted since, TCP IP is a higher priority than named pipes in my configuration.
I have even gone as far as to uninstall SQL Server and reinstall it, to no avail.
The details of my SQL Server instance are as follows:
Microsoft SQL Server Management Studio - 10.0.2531.0
Microsoft Analysis Services Client Tools - 10.0.1600.22
Microsoft Data Access Components (MDAC) - 6.1.7601.17514
Microsoft MSXML - 3.0 5.0 6.0
Microsoft Internet Explorer - 9.0.8112.16421
Microsoft .NET Framework - 2.0.50727.5466
Operating System - 6.1.7601
Configuration details are as follows:
http://i45.tinypic.com/vxdz7c.png
http://i45.tinypic.com/vxdz7c.jpg
I connect from java using this code.
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
String connectionUrl = "jdbc:sqlserver://localhost;database=AdventureWorks;integratedSecurity=false;User=JIMBO; Password=JIMBO;";
Connection con = DriverManager.getConnection(connectionUrl);
But please remember, this error also occurs when I atttempt to log in to SSMS directly.
Thanks in advance.
-Jim
To force TCP/IP being used replace localhost with 127.0.0.1 in your connection string.
As you are using a username and password make sure SQL authentication is enabled. By default only Windows integrated is enabled on sqlserver 2008.
With SqlServer authentication keep in mind that a password policy is in place to enforce security.
Forcing the TCP/IP connection (by providing 127.0.0.1 instead of localhost or .) can reveal the real reason for the error. In my case, the database name specified in connection string was incorrect.
So, here is the checklist so far:
Make sure Named Pipe is enabled in configuration manager (don't forget to restart the server).
Make sure SQL Server Authentication (or Mixed Mode) is enabled.
Make sure your user name and password are correct.
Make sure the database you are connecting to exists.
My resolution was to login using the Windows Login then go to security>Logins locate the troubled ID And retype the used password. The restart the services...
Adding "user instance=False" to connection string solved the problem for me.
<connectionStrings>
<add name="NorthwindEntities" connectionString="metadata=res://*/Models.Northwind.csdl|res://*/Models.Northwind.ssdl|res://*/Models.Northwind.msl;provider=System.Data.SqlClient;provider connection string="data source=.\SQLEXPRESS2008R2;attachdbfilename=|DataDirectory|\Northwind.mdf;integrated security=True;user instance=False;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
This problem was caused for me by this error which appeared just prior in the application error log.
"A read operation on a large object failed while sending data to the client. A common cause for this is if the application is running in READ UNCOMMITTED isolation level. This connection will be terminated."
I was storing PDFs in a SQL table and when attempting to SELECT from that table it spit out that error, which resulted in the error mentioned in your question.
The solution was to delete the columns that had large amounts of text, in my case Base64 encoded files.
perhaps this comes too late, but still it could be nice to "document it" for others out there.
I received the same error after experimenting and testing with Remote Desktop Services on a MS Server 2012 with MS SQL Server 2012.
During the Remote Desktop Services install one is asked to create a (local) certificate, and so I did. After finishing the test/experiments I removed the Remote Desktop Services. That's when this error appeared (I cannot say whether the error occured during the test with RDS, I don't remember if I used/tried the SQL Connection during the RDS test).
I am not sure how to solve this since the default certificate does not work for me, but the "RDS" certificate does.
BTW, the certificates are found in App: "SQL Server Configuration Manager" -> "SQL Server Network Configuration" -> Right click: "Protocols for " -> Select "Properties" -> Tab "Certificate"
My default SQL Certificate is named: ConfigMgr SQL Server Identification Certificate, has expiration date: 2114-06-09.
Hope this can give a hint to others.
/Kim
For me it was because only Windows Authentication was enabled. To change security authentication mode. In SQL Server Management Studio Object Explorer, right-click the server, and then click Properties. On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
Change Server Authentication Mode - MSDN - Microsoft
https://msdn.microsoft.com/en-AU/library/ms188670.aspx
This Might help as reference
I had the same issue, after multiple trial of suggested solution on this site and others, I found a solution for my scenario. The account was locked out
How to Check if the account is Locked out...
Login to the server using higher privileged account (like SA or admin rights)
Expand security ==> select the login name ==>open the property window of the login ==> select the status page on the property window
Make sure This 3 Things
1, permission to connect database is GRANTED
2, Login is ENABLED
3, Status
SQL server authentication
Login is not locked out (Uncheck the box)
Thanks
Tsige
I just executed connection.close() by adding it as first statement and it was solved. Then i removed the line.
One follow up to this. I had installed SQL Server 2014 with only Windows Authentication. After enabling Mixed Mode, I couldn't log in with a SQL user and got the same error message as the original poster. I verified that named pipes were enabled but still couldn't log in after several restarts. Using 127.0.0.1 instead of the hostname allowed me to log in, but interestingly, required a password reset prompt on first login:
Once I reset the password the account worked. What's odd, is I specifically disabled password policy and expiration.
Another cause is if the user's default database is unavailable.
I had an account that was used for backing up two databases. When the backup user's default database was taken off-line, the "no process on the other end of the pipe" error started.
Came here looking for a solution to a similar issue, which I just introduced by changing Schannel settings of our IIS server using "IIS Crypto" by Nartac... By disabling the SHA-1 hash, the local SQL Server was not able to be reached anymore, even though I didn't use an encrypted connection (not useful for an ASP.Net site accessing a local SQL Express instance using shared memory).
Thanks Count Zero for pointing me in the right direction :-)
So, lesson learned: do not disable SHA-1 on your IIS server if you have a local SQL Server instance.
For me the issue seems to have been caused by power failure. Restarting the server computer solved it.
I am trying to make the connection to a remote mysql database in CloverETL Designer (Community Version)
Documentation with examples on this subject seem fragmented so I have tried to piece the bits together but I'm not use if they are correct. I would be grateful for any suggestions or further clarification on this subject.
Here is what I have so far:
The SSL Certificate
As an alternative VPN connection the server guys passed me the raw CA certificate, which I saved as a .crt file in the conn folder of the CloverETL workspace.
CloverETL Connections
I created a new DB connection and tested it was working without SSL
In the graph window I created a simple graph
Switching to Source View I added the parameter attribute to the connection code like this:
<Connection database="MYSQL" dbURL="jdbc:mysql://hostname/database_name" id="JDBC0" jdbcSpecific="MYSQL" name="CPM" parameters="ssl=${WORKSPACE}/conn/mysql_cpm_cert.crt" password="password" type="JDBC" user="username"/>
Then I tested the connection to the database by creating new metadata from a DB table
The problem is that I don't know if the connect is now secure or not.
Here's the list of resources that I used to piece together the information:
components:bulkloaders:mysql_data_writer [CloverETL wiki]
MySQL :: MySQL 5.0 Reference Manual :: 6.3.6.3 SSL Command Options
Thanks
CPM
Your setup almost certainly does not use ssl. Both links you posted are not usable - first describes bulk loader and second connection via command line client. But what you need is to configure JDBC. So I would use http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-configuration-properties.html section "Security."
I would set:
useSSL=true
requireSSL=true
You will do that by adding items in table (Custom JDBC properties) on second tab (Advanced) of Connection Wizard. In source it should appear like "jdbc.useSSL=true jdbc.requireSSL=true" not "parameters=".
Then connection should fail, because in your default java key store is missing your certificate. It can be imported via http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html section "Importing Certificates"
I hope this helps.
I'm building a website with EF4.1 and MVC3 (C#). Trying to find out what the proper way to remove the password from the connection string is. I've done some searching and can't seem to find anything that tells how to remove the password from the connection string.
I'm actually working on two different sites at the moment. One is hosted on GoDaddy and is using their SQL Server db. The other is hosted here at work and will be using SQL Server 2005.
Lastly, is it possible to do the database first code generation with a MySQL database? I'm personally more comfortable with MySQL and prefer it to SQL Server, but have had issues getting this to work.
If you should need any additional information please let me know.
You should probably encrypt your web.config connection strings before deploying it to the server.
AFAIK, if you connect to your server using SQL Server Authentication, the connection string needs the username and password. If your app and db servers had domain trust, you can use integrated mode / windows authentication / identity impersonate to have a password-less connection string. But most service providers don't let you do this -- they use SQL Server Authentication to keep customers out of their domain.
Either way, there is more sensitive information in the connection string than just the password. You should encrypt the whole <connectionStrings> node.