SQL Server Management Studio could not save the configuration of as server a Secondary

Dear All,
Day before yesterday when I was implementing Log Shipping on my production server then I got a new error which was “SQL Server Management Studio could not save the configuration of as 192.168.1.101 a Secondary. (Microsoft SQL Server Management Studio) “.
I did search on Google for this but unable to find solution then at last I just got an idea from SQL Server central’s forum http://www.sqlservercentral.com.
I just ran following command
SELECT   @@SERVERNAME ,  serverproperty(‘servername’)
Select * from sysservers where server_id = 0
What I found the server instance name was different then Machine name. In general we keep machine name and SQL server instance name same.
So I got impression to change SQL Server name for this I did following steps

1) Run  SQL statement   sp_removeserver “servername” to  remove  existing server name
2) Run  SQL statement sp_addserver “serverName”,Local to add new server name
3) Restart  SQL server Services
After this I tried SQL Server Log shipping, it was implemented successfully.

Thanks & Regards
Rajat Jaiswal

Advertisements

Hack SQL Injection with prevention (Secure your web site )

Dear All,
I am always curios about hacking not in destructive manner but how to prevent my sites from hacking.
So one of the thing which I want to share with you is “SQL Injection “. SQL Injection is a unique way by which you can play with database of the site.
Firstly I give you a brief introduction about SQL injection and then I will provide you information how to prevent your site by SQL injection.
So SQL injections are just like SQL statements or we can say combination of SQL statements which can be used as destructive manner by hackers.
And you cannot believe how SQL Server is powerful. With the help of” xp_cmdShell “command then end user (hacker) can crash your server too. With the help of “xp_cmdShell” you can do many things like delete file, delete dir, shutdown even format too.
So first let me show you basic example
Suppose you have login screen
Hacking
on which you have done following code to validate user on
protected void btnLogin_Click(object sender, EventArgs e)
{
String connectionString = ConfigurationManager.ConnectionStrings[“ConnectionString”].ConnectionString;
SqlConnection sqlcon = new SqlConnection(connectionString);
SqlCommand sqlcmd = new SqlCommand();
sqlcmd.CommandText = “SELECT * FROM tblUser WHERE strUserName ='” + txtUserName.Text + “‘ AND strPassword ='” + txtPassword.Text + “‘”;
sqlcmd.CommandType = CommandType.Text;
sqlcmd.Connection = sqlcon;
SqlDataAdapter sda = new SqlDataAdapter();
sda.SelectCommand = sqlcmd;
DataSet ds = new DataSet();
sda.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
Response.Write(“Valid user”);
}else{
Response.Write(“Invalid user”);
}
}

Now if you see here we have directly used txtUserName, and txtPassword value here.

Now if end user enters following value as shown your screen.
SQL Injection
Now put break point on your sqlcommand statement and see what value going on.
You will find following SQL command.
SELECT * FROM tblUser WHERE strUserName =’Rajat’ OR ‘1’ =’1’ AND password =’test’ OR ‘1’ =’1’
Now when you run this command in your SQL Browser you will be surprised that it returns all the Records. So this is power of SQL injection with just “OR “statement.

Prevent hacking
Now if you have aware of SQL Server than you understand “;” (semicolon) & — (dash dash) means.
“;” semicolon means current statement is completed and — (dash dash) means comment.
So suppose, if I enter semicolon combination with update command on my username password screen then what happen
SELECT * FROM tblUser WHERE strUserName =’RAJAT’ OR ‘1’=’1’ ; update tblUser set password =’’; —

Other than this a hacker can user various combination like this.

Now question came in your mind how to prevent this.
So here are the basic things by which you can prevent your site by SQL injections
1) Apply check for special character on login form textbox
2) Use storedprocedures
3) Use encrypted password
I hope you will be more secure programmer now so enjoy secure sites.

In future i will provide you how a hacker can hack your site and how can you prevent your site.

Thanks
Rajat Jaiswal