Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


DTS Hashing


DTS Hashing

Author
Message
Alex-217289
Alex-217289
SSC Journeyman
SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)SSC Journeyman (77 reputation)

Group: General Forum Members
Points: 77 Visits: 3
Thank you all for your comments!

True, this is not a true hash but I needed something to title the article. I'll be more careful in the future.

I also use the DTSRUNUI property sheet which is much more flexible. There are too many options though to describe in a short article so forgive the omission.

The use of the /E option is another way to do this but is against our security policy to use trusted server connections. Several of you made a good point regarding the use of the "hash" is only good for a point in time run. If ANY change is made to the DTS package, the process must be re-run to get a new string.

Again, thanks for your input. I'll be writing frequently and welcome all your feedback!

Alex Kersha


Cheers,

Alex


Rogue DBA
darren.green
darren.green
Valued Member
Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)Valued Member (69 reputation)

Group: General Forum Members
Points: 69 Visits: 1

I second the DTSRunUI suggestion, it is a much easier way of getting a command line. /E is also good practice. Also be aware that the right-click schedule job, it uses the credentials you use for the server registration in EM, so if you use SQL security in EM, that is what is used, so changing passwords are also an issue. Since almost all cases of schedule packages refer to a package stored on the same saerver as SQL Agent, is there any need to use the encrypted command line? Using trusted security (/E) means you can skip the encryption, and go with visibility and ease of management. There are countless posts on the newsgroups, "How do I tell what package this is?" when using the encrypted version. Just to top it off, there are cracks out on the web to decrypt this command line.



Darren Green
SQLDTS.com | SQLIS.com | Konesans Ltd
uday
uday
SSC Rookie
SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)SSC Rookie (37 reputation)

Group: General Forum Members
Points: 37 Visits: 32

I agree with most responses that the encrypted string is more of a convenience factor than addressing security. Executing the package using Windows/AD integrated security would truly constitute security in my view.

Regards,

Uday





R M Buda
R M Buda
SSC-Enthusiastic
SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)SSC-Enthusiastic (175 reputation)

Group: General Forum Members
Points: 175 Visits: 300
I agree with most posters here.

The recommended solution should be to use integrated security and do not encrypt the command line.

The encrypted command line means the "good guys" cannot tell what is going on and have difficulty maintaining the system.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search