SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


DTS Hashing


DTS Hashing

Author
Message
Alex-217289
Alex-217289
SSC Veteran
SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)SSC Veteran (267 reputation)

Group: General Forum Members
Points: 267 Visits: 3
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/aKersha/dtshashing.asp


Cheers,

Alex


Rogue DBA
mark hutchinson
mark hutchinson
SSC Veteran
SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)SSC Veteran (252 reputation)

Group: General Forum Members
Points: 252 Visits: 446
This is an encryption of the password, not a hash. The term 'hash' connotes a one-way process.



Jonathan Stokes
Jonathan Stokes
SSCrazy
SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)SSCrazy (2.4K reputation)

Group: General Forum Members
Points: 2361 Visits: 1
You will find that this encryption actually points to the current version of the dts package.

If you change the package over time, eventually the link gets lost and the encryption code will not work.

I speak from experience here. Especially happens when saving as another name and then saving back as the original name, which some testers do at times.


------------------------------
The Users are always right - when I'm not wrong!
Paul Smith-221741
Paul Smith-221741
Say Hey Kid
Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)Say Hey Kid (692 reputation)

Group: General Forum Members
Points: 692 Visits: 334

Much better way is to use integrated security. You just need a /E on the end then


LP-181697
LP-181697
SSC Veteran
SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)SSC Veteran (272 reputation)

Group: General Forum Members
Points: 272 Visits: 143
Agreed with previous comments. I always using -E switch to get an integrated security.
Sean Law
Sean Law
SSC-Enthusiastic
SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)SSC-Enthusiastic (148 reputation)

Group: General Forum Members
Points: 148 Visits: 1
Can you guys elaborate on integrated security or point me in a direction to learn more about this? Thanks.

Also, as a side not another way I have created the DTS execute command is through the dtsrunui utility. This also allows for more customization with logging and such.
JohnMarks
JohnMarks
SSC Veteran
SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)SSC Veteran (231 reputation)

Group: General Forum Members
Points: 231 Visits: 569
Integrated security = Windows NT Security. From books on line: The login is created in Microsoft Windows NT® 4.0 or Windows® 2000 rather than in SQL Server. This login is then granted permission to connect to an instance of SQL Server. The login is granted access within SQL Server.

SQL Server achieves login security integration with Windows NT 4.0 or Windows 2000 by using the security attributes of a network user to control login access. A user's network security attributes are established at network login time and are validated by a Windows domain controller. When a network user tries to connect, SQL Server uses Windows-based facilities to determine the validated network user name. SQL Server then verifies that the person is who they say they are, and then permits or denies login access based on that network user name alone, without requiring a separate login name and password.



Lee Smith
Lee Smith
SSC Rookie
SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)SSC Rookie (33 reputation)

Group: General Forum Members
Points: 33 Visits: 10

If you have a job that runs multiple dts packages, the process you have documented would be long and laborious....

I generally use the DTSRUNUI.exe executable...

1) >start>Run>DTSRUNUI
2) Specify SQL Server you want to get encrypted command for and the login credentials you want the job to use to run.
3) click the "..." next to package name
4) Click the "advanced" button
5) Specify variables if you want to...
6) Click the bullet for "Encrypt the command"
7) Click the "Generate" button
8) copy n' paste the line of text that is generated into the step of your dts package...

Wahlah, nice and easy... DTSRUNUI is seperate from enterprise manager, so you can have both apps up at the same time...


David Kirzner
David Kirzner
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 49

Thanks for the tip.

Can this encrypted command line be used as the Data Source on the Linked Server Properties sheet, (when implementing the Package as a linked server this is the equivalent of the dtsrun command-line). This is important to us as the Data Source is stored as open text in the database ???


Dennis Link
Dennis Link
SSC Journeyman
SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)SSC Journeyman (90 reputation)

Group: General Forum Members
Points: 90 Visits: 16

I agree with the other posters regarding the use of the /E option. The key to making this work is to remember the security context. In the case mentioned here, the job will run as the user logged in to the SQL Server Agent. If the DTS package utilizes resources across the network, it may be necessary to set up the SQL Server Agent account with a domain level account.

We run hundreds of DTS packages this way. We tried running with the method mentioned here and found it to be a maintenance nightmare because you can't be sure which package is actually being run.





Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search