Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » Article Discussions » Article Discussions by Author » Discuss Content Posted by Alex Kersha » DTS Hashing
Add to briefcase
14 posts, Page 2 of 2
««12

DTS Hashing Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
Alex-217289
Posted Tuesday, December 20, 2005 1:26 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, June 09, 2009 8:13 AM
Points: 75, Visits: 3
Thank you all for your comments!

True, this is not a true hash but I needed something to title the article. I'll be more careful in the future.

I also use the DTSRUNUI property sheet which is much more flexible. There are too many options though to describe in a short article so forgive the omission.

The use of the /E option is another way to do this but is against our security policy to use trusted server connections. Several of you made a good point regarding the use of the "hash" is only good for a point in time run. If ANY change is made to the DTS package, the process must be re-run to get a new string.

Again, thanks for your input. I'll be writing frequently and welcome all your feedback!

Alex Kersha

Cheers,

Alex


Rogue DBA
Post #245690
darren.green
Posted Tuesday, December 20, 2005 1:30 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Friday, May 05, 2006 1:47 PM
Points: 69, Visits: 1

I second the DTSRunUI suggestion, it is a much easier way of getting a command line. /E is also good practice. Also be aware that the right-click schedule job, it uses the credentials you use for the server registration in EM, so if you use SQL security in EM, that is what is used, so changing passwords are also an issue. Since almost all cases of schedule packages refer to a package stored on the same saerver as SQL Agent, is there any need to use the encrypted command line? Using trusted security (/E) means you can skip the encryption, and go with visibility and ease of management. There are countless posts on the newsgroups, "How do I tell what package this is?" when using the encrypted version.  Just to top it off, there are cracks out on the web to decrypt this command line.

Darren Green
SQLDTS.com   |   SQLIS.com   |   Konesans Ltd
Post #245694
uday
Posted Tuesday, December 20, 2005 8:51 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, May 08, 2013 5:12 AM
Points: 37, Visits: 32

I agree with most responses that the encrypted string is more of a convenience factor than addressing security.  Executing the package using Windows/AD integrated security would truly constitute security in my view.

Regards,

Uday

 


Post #245745
Renato Buda-153382
Posted Friday, December 22, 2006 6:25 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Sunday, June 09, 2013 8:29 AM
Points: 139, Visits: 218
I agree with most posters here.

The recommended solution should be to use integrated security and do not encrypt the command line.

The encrypted command line means the "good guys" cannot tell what is going on and have difficulty maintaining the system.
Post #332477
« Prev Topic | Next Topic »

Add to briefcase
14 posts, Page 2 of 2
««12

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.