Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

DTS Hashing Expand / Collapse
Author
Message
Posted Tuesday, December 20, 2005 1:26 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, June 09, 2009 8:13 AM
Points: 75, Visits: 3
Thank you all for your comments!

True, this is not a true hash but I needed something to title the article. I'll be more careful in the future.

I also use the DTSRUNUI property sheet which is much more flexible. There are too many options though to describe in a short article so forgive the omission.

The use of the /E option is another way to do this but is against our security policy to use trusted server connections. Several of you made a good point regarding the use of the "hash" is only good for a point in time run. If ANY change is made to the DTS package, the process must be re-run to get a new string.

Again, thanks for your input. I'll be writing frequently and welcome all your feedback!

Alex Kersha



Cheers,

Alex


Rogue DBA
Post #245690
Posted Tuesday, December 20, 2005 1:30 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Friday, May 05, 2006 1:47 PM
Points: 69, Visits: 1

I second the DTSRunUI suggestion, it is a much easier way of getting a command line. /E is also good practice. Also be aware that the right-click schedule job, it uses the credentials you use for the server registration in EM, so if you use SQL security in EM, that is what is used, so changing passwords are also an issue. Since almost all cases of schedule packages refer to a package stored on the same saerver as SQL Agent, is there any need to use the encrypted command line? Using trusted security (/E) means you can skip the encryption, and go with visibility and ease of management. There are countless posts on the newsgroups, "How do I tell what package this is?" when using the encrypted version.  Just to top it off, there are cracks out on the web to decrypt this command line.



Darren Green
SQLDTS.com   |   SQLIS.com   |   Konesans Ltd
Post #245694
Posted Tuesday, December 20, 2005 8:51 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, May 08, 2013 5:12 AM
Points: 37, Visits: 32

I agree with most responses that the encrypted string is more of a convenience factor than addressing security.  Executing the package using Windows/AD integrated security would truly constitute security in my view.

Regards,

Uday

 




Post #245745
Posted Friday, December 22, 2006 6:25 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, April 16, 2014 10:14 PM
Points: 146, Visits: 236
I agree with most posters here.

The recommended solution should be to use integrated security and do not encrypt the command line.

The encrypted command line means the "good guys" cannot tell what is going on and have difficulty maintaining the system.
Post #332477
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse