Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

DTS Hashing Expand / Collapse
Author
Message
Posted Wednesday, November 30, 2005 12:22 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, June 9, 2009 8:13 AM
Points: 75, Visits: 3
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/aKersha/dtshashing.asp


Cheers,

Alex


Rogue DBA
Post #240865
Posted Monday, December 19, 2005 10:03 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Saturday, November 29, 2014 2:36 PM
Points: 42, Visits: 382
This is an encryption of the password, not a hash.  The term 'hash' connotes a one-way process.


Post #245440
Posted Tuesday, December 20, 2005 4:16 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Friday, August 3, 2007 2:55 AM
Points: 928, Visits: 1
You will find that this encryption actually points to the current version of the dts package.

If you change the package over time, eventually the link gets lost and the encryption code will not work.

I speak from experience here. Especially happens when saving as another name and then saving back as the original name, which some testers do at times.




------------------------------
The Users are always right - when I'm not wrong!
Post #245482
Posted Tuesday, December 20, 2005 5:24 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Friday, September 19, 2014 1:45 AM
Points: 434, Visits: 313

Much better way is to use integrated security. You just need a /E on the end then

 

Post #245490
Posted Tuesday, December 20, 2005 7:28 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Monday, January 30, 2012 5:12 AM
Points: 40, Visits: 143
Agreed with previous comments. I always using  -E switch to get an integrated security.
Post #245518
Posted Tuesday, December 20, 2005 7:33 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, July 14, 2006 12:01 PM
Points: 102, Visits: 1
Can you guys elaborate on integrated security or point me in a direction to learn more about this? Thanks.

Also, as a side not another way I have created the DTS execute command is through the dtsrunui utility. This also allows for more customization with logging and such.


Post #245520
Posted Tuesday, December 20, 2005 7:52 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: 2 days ago @ 9:41 AM
Points: 64, Visits: 491
Integrated security = Windows NT Security. From books on line: The login is created in Microsoft Windows NT® 4.0 or Windows® 2000 rather than in SQL Server. This login is then granted permission to connect to an instance of SQL Server. The login is granted access within SQL Server.

SQL Server achieves login security integration with Windows NT 4.0 or Windows 2000 by using the security attributes of a network user to control login access. A user's network security attributes are established at network login time and are validated by a Windows domain controller. When a network user tries to connect, SQL Server uses Windows-based facilities to determine the validated network user name. SQL Server then verifies that the person is who they say they are, and then permits or denies login access based on that network user name alone, without requiring a separate login name and password.



Post #245533
Posted Tuesday, December 20, 2005 8:33 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, August 25, 2008 8:09 AM
Points: 5, Visits: 10

If you have a job that runs multiple dts packages, the process you have documented would be long and laborious....

I generally use the DTSRUNUI.exe executable...

1) >start>Run>DTSRUNUI 
2) Specify SQL Server you want to get encrypted command for and the login credentials you want the job to use to run.
3) click the "..." next to package name
4) Click the "advanced" button
5) Specify variables if you want to...
6) Click the bullet for "Encrypt the command"
7) Click the "Generate" button
8) copy n' paste the line of text that is generated into the step of your dts package...

Wahlah, nice and easy... DTSRUNUI is seperate from enterprise manager, so you can have both apps up at the same time...

Post #245552
Posted Tuesday, December 20, 2005 8:52 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, July 7, 2014 1:40 PM
Points: 3, Visits: 46

Thanks for the tip.

Can this encrypted command line be used as the Data Source on the Linked Server Properties sheet, (when implementing the Package as a linked server this is the equivalent of the dtsrun command-line). This is important to us as the Data Source is stored as open text in the database ???

Post #245563
Posted Tuesday, December 20, 2005 10:40 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Thursday, April 23, 2009 12:56 PM
Points: 20, Visits: 16

I agree with the other posters regarding the use of the /E option.  The key to making this work is to remember the security context.  In the case mentioned here, the job will run as the user logged in to the SQL Server Agent.  If the DTS package utilizes resources across the network, it may be necessary to set up the SQL Server Agent account with a domain level account.

We run hundreds of DTS packages this way.  We tried running with the method mentioned here and found it to be a maintenance nightmare because you can't be sure which package is actually being run.




Post #245621
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse