I need to connect to a MS SQL DB located on a computer on a remote network and pull data off the DB into my own environment. I want to do this in the most secure way possible, and I'm looking for guidance on how to pull it off.
I'm thinking Python will be the language of choice here, but just doing some initial reading and came across this link describing setting up protocols, opening ports, etc:
https://technet.microsoft.com/en-us/library/ms345343(v=sql.110).aspx
I've also seen this python library, pymssql.
I need to know the following:
What configuration changes would need to be made on the local computer in order to make the DB accessible, again, securely and preferably to me only.
Is the above linked python library going to be the best method for this? If so, what security considerations do I need to ensure I've accounted for?
In order to be the only one able to access the MySQL server, you need to setup the firewall in the remote SQL server to accept ingoing SQL connections only from localhost and from your IP Address.
I can't help you with the librabry choise beacause I never had a Microsoft SQL server, anyway, the advice I gave you above should be fine for every kind of security problem
Related
Can someone else connect to my SQL Server using my Windows Authentication or am I the only one? I saw that there is an option for "allow remote connections" in SSMS, so I'm wondering if someone has my connection credentials, such as server name and database, can they connect to it?
Is the server name "sensitive information" or does it not matter? I'm wondering because I always get hesitant typing out my server name which is DESKTOP-xxxxx (x in place of the actual numbers, which is the thing I'm not sure is sensitive or not)
example:
conn = pyodbc.connect('Driver={ODBC Driver 17 for SQL Server};'
'Server=DESKTOP-xxxxxx;' **<--------is this sensitive info?**
'Database=Test_Database;' **<--------is this sensitive info?**
'Trusted_Connection=yes;')
Ignore the SSMS allow remote connection option. Per the documentation:
This configuration option is an obscure SQL Server to SQL Server
communication feature that is deprecated
Use SQL Server Configuration Manager to view, enable, or disable protocols as desired. Remote TCP/IP and Named pipes are disabled by default.
If someone besides you knows your Windows credentials, you have bigger issues. Although they will not be able to connect to SQL Server remotely when the protocols are disabled, they could still get to your database via other means (e.g. RDP into your machine and access SQL Server locally).
The name of your machine could be considered sensitive but it's easily discoverable (e.g. DNS). You generally want multiple layers, which include firewalls and surface area reduction (e.g. disabled RDP), and perhaps obfuscation (non-standard SQL ports) as well for protecting particularly sensitive data.
I have a bit of an open ended questions for you all. I wish to create a simple chat-room such as this example here: https://www.geeksforgeeks.org/simple-chat-room-using-python/ but I am lost as how to do it over the internet rather than just local network.
Any pointers/help would be appricated!
Thanks :)
There are multiple ways about this. You can either:
Run locally and expose your Python chat system to the internet.
Run your Python chat system in some online server provider (Heroku, AWS, etc.).
The first method requires you to do some port-forwarding on your local network, essentially mapping your 127.0.0.1:8081 local server to your public IP (so you would connect via the internet as myip:8081). This method, however, comes with its limitations; when you turn off your computer you are also effectively turning off your server to the rest of the internet. The second method will ensure the server stays on at all times, and is likely what you are looking for. Heroku is a great starting point as they provide a free tier that you can test everything out.
I'm trying to build a simple python server that a client can connect to without the client having to know the exact portnumber. Is that even possible? The thought is to choose a random portnumber and using it for clients to connect.
I know you could use bind(host, 0) to get a random port number and socket.getsockname()[1] within the server to get my portnumber. But how could my client get the portnumber?
I have tried socket.getnameinfo() but I don't think I understand how that method really works.
In order to do that the server must listen on a certain port(s).
This means the client(s) will need to interact on these ports with it.
So... no it is impossible to do that on some random unknown port.
You need to advertise the port number somehow. Although DNS doesn't do that (well, you could probably cook up some resource record on the server object, but that's not really done) there are many network services that do. LDAP like active directory (you need write rights), DNS-SD dns service discovery, universal plug and play, service location protocol, all come to mind. You could even record the port number on some web page somewhere and have the client read it.
Take a look at Zeroconf, it seems to be the path to where you are trying to get to.
Hey I was wondering if anyone knew how to connect to a bitcoin wallet located on another server with bitcoinrpc
I am running a web program made in django and using a python library called bitcoinrpc to make connections.
When testing locally, I can use bitcoinrpc.connect_to_local), or even bitcoinrpc.connect_to_remote('account','password') and this works as well as long as the account and password match the values specified in my 'bitcoin.conf' file. I can then use the connection object to get values and do some tasks in my django site.
The third parameter in connect_to_local is default localhost. I was wondering:
A) What to specify for this third parameter in order to connect from my webserver to the wallet stored on my home comp (is it my IP address?)
B) Because the wallet is on my PC and not some dedicated server, does that mean that my IP will change and I won't be able to access the wallet?
C) The connection string is in the django app - which is hosted on heroku. Heroku apps are launched by pushing with git but I believe it is to a private repository. Still, if anyone could see the first few lines of my 'view' they would have all they need to take my BTC (or, more accurately, mBTC). Anyone know how bad this is - or any ways to go about doing btc payments/movements in a more secure way.
Thanks a lot.
I'm currently doing something very similar (heroku using express/nodejs instead of django/python tho) so I will try to share my thoughts.
In spite of using other library and other language, all the wallet remote libraries should be primarily a wrapper around JSON RPC (remote procedure call) API, which is actually the same for most of the coins out there (i would say all, but that would be a wild guess).
Specifically to your questions:
A)
To access the wallet from outside, use your external ip (fastest way to find it is to query google for it). Depending on your ISP you hopefully have static external address. You must provide this address to bitcoin.conf file under rpcallowip= option to allow incomming connections.
Moreover you should forward the used port in your home router (usually under NAT settings) to your local machine so the incoming connection from the server is allowed and redirected to your wallet computer.
There is one important thing to consider (https://en.bitcoin.it/wiki/Running_Bitcoin):
By default, only RPC connections from localhost are allowed. Specify
as many rpcallowip= settings as you like to allow connections from
other hosts (and you may use * as a wildcard character).
NOTE: opening up the RPC port to hosts outside your local
trusted network is NOT RECOMMENDED, because the rpcpassword
is transmitted over the network unencrypted.
I am yet to look into it further, from this comment alone it seems totally unusable for monetary transactions.
B)
As I said before, it depends on your home ISP, type of connection and the service provided to you.
C)
If I understand correctly from a django point of view, as long as the login parameters (username/password) are inside a view (views.py of your app) and the debug mode is turned off, source code of the server should not be publicly accessible. But the security concern from A still applies.
You can use SSL with RPC to hide the password.
rpcssl=1
If this has been asked, I apologize in advance, I couldn't find the right answer, although I've found similar questions.
I'm trying to connect to a SQL Server 2008 DB by using it's IP / Port using trusted connection.
One additional point of complexity is: The database is outside of the US and usually we log in via Citrix. After logging into citrix, it uses our windows credentials (not sure if that impacts the issue).
I have tried several different types of connection strings
Driver=SQL Server
Driver=SQL Native Client
Driver=SQL Server Native Client 10.0
I've also tried differen't formats of including the port, as well as messing with the Network Library when using the IP route.
I was hoping someone could help me understand 2 things.
1) (Most importantly) How do I figure out how to properly connect without simple trial and error. I tried checking connectionstrings.com but that didn't really help all that much. I haven't been able to find anything online.
2) If someone can help me out with connection string.
Here's an example of what I'm doing:
cn = pyodbc.connect(r'DRIVER={SQL Native Client};Server=1.1.3.4,1234;Network Library=DBMSSOCN;Initial Catalog=Test;UID=DOM\me;Pwd=pass')
Any help/guidance is much appreciated.
You don't need to specify a user or password if you want to use a trusted connection, instead use the paramater Trusted_Connection=yes. See here for the documentation.
Something like this has worked for me in the past:
cn = pyodbc.connect('DRIVER={SQL Native Client};
Server=1.1.3.4; DATABASE=mydb;
Trusted_Connection=yes;')
Find here some explanation, relevant links, and sample code.