I'm making queries from a MS SQL server using Python code (Pymssql library) however I was wondering if there was any way to make the connection secure and encrypt the data being sent from the server to python?
Thanks
Yes, it can.
You need FreeTDS which supports SSL via OpenSSL. If you happened to use Linux (or Docker on Windows), it's quite easy to install standalone FreeTDS in Debian:
apt-get update
apt-get install freetds-bin freetds-dev
pip install pymssql
Don't use pymssql with bundled FreeTDS library, it does not support SSL apparently. The bundled library is used when you set env variable PYMSSQL_BUILD_WITH_BUNDLED_FREETDS=1 before installing pymssql.
pymssql certainly claims to be able to work with encrypted connections to the SQL Server (via OpenSSL). One reason why some might believe it to be impossible is that Windows releases of pymssql versions prior to 2.1.2 were shipped with pymssql statically linked to FreeTDS for unencrypted connections only.
Starting with version 2.1.2, the Windows release of pymssql is shipped dynamically linked to FreeTDS so it can support both unencrypted connections (via FreeTDS alone) or encrypted connections (via FreeTDS and OpenSSL). For details – and an important update re: versions 2.1.3 and later – see the related answer here.
If you want to connect SQL server using secured connection using pymssql then you need to provide "secure" syntax in your host..
for e.g.
unsecured connection host : xxx.database.windows.net:1433
secured connection host : xxx.database.secure.windows.net:1443
Unfortunately there's no way, but you could use pyodbc.
Related
I am trying to build an application in python which will use Oracle Database installed in corporate server and the application which I am developing can be used in any local machine.
Is it possible to connect to oracle DB in Python without installing the oracle client in the local machine where the python application will be stored and executed?
Like in Java, we can use the jdbc thin driver to acheive the same, how it can be achieved in Python.
Any help is appreciated
Installing oracle client, connect is possible through cx_Oracle module.
But in systems where the client is not installed, how can we connect to the DB.
You can use JDBC
"""
Connect from Python to Oracle via JDBC
Get JDBC-driver here: https://download.oracle.com/otn/utilities_drivers/jdbc/193/ojdbc8-full.tar.gz
Python 3.7.4
conda install -c conda-forge jaydebeapi==1.1.1 --force-reinstall -y
conda install -c conda-forge JPype1==0.6.3 --force-reinstall -y
"""
import jpype
import jaydebeapi
JHOME = jpype.getDefaultJVMPath()
jpype.startJVM(JHOME, '-Djava.class.path=/ojdbc8-full/ojdbc8.jar')
con = jaydebeapi.connect('oracle.jdbc.driver.OracleDriver',
'jdbc:oracle:thin:user/pass#host_ip:1521:SID')
cur = con.cursor()
cur.execute('select dummy from dual')
r = cur.fetchall()
print(r[0][0])
cur.close()
con.close()
It is not correct that java can connect to oracle without any oracle provided software.
It needs a compatible version of ojdbc*.jar to connect. Similarly python's cx_oracle library needs oracle instant-client software from oracle to be installed.
Instant client is free software and has a small footprint.
Installing Oracle client is a huge pain. Could you instead create a Webservice to a system that does have OCI and then connect to it that way? This might end being a better solution rather than direct access.
I am unable to connect to our enterprise Oracle Db using python 3/cx_Oracle.
Installed are:
python 3 -32 bit
cx_Oracle
Oracle Client 12.1.0.2.0
My connection string attempt is:
import cx_Oracle
conn = cx_Oracle.connect(user='user', password='pwd', dsn='working_dsn')
My PATH variable includes the direct path to my working Oracle library (works using SQL Dev
Error message is:
cx_Oracle.DatabaseError: DPI-1050: Oracle Client library is at version 0.0 but must be at version 11.2 or higher
I have researched the Orcale installation instructions and have found no way to connect. I have previously tried with no success, had my computer reimaged and Oracle reinstalled to ensure only one version of Oracle and still no success. I need to move from R to Python and this is the last piece I need to make the switch. I am able to connect with R using JDBC driverclass/dbConnect.
If cx_Oracle wont work, is there another option for connecting to Oracle from Python3?
Any thoughts suggestions or places to look? Other connection types used?
Thanks in advance.
pip3 install cx_Oracle
first method:
db = cx_Oracle.connect('root/root#localhost: 1523/orcl')
Second method:
db = cx_Oracle.connect('root/root#localhost: 1523/orcl')
Third method
makedsn(IP/HOST, PORT, TNSNAME)
dsn = cx_Oracle.makedsn('localhost','1523','orcl')
db = cx_Oracle.connect('root','root',dsn)
The error you are getting suggests that you have an older version of the Oracle client installed on your machine. Search the directories of your PATH environment variable for OCI.DLL. If you find an older version you'll need to remove or rename it -- just be aware that whatever application put the file there will stop working!
Another possibility is to go to a command prompt and do the following
PATH=my_path_to_instant_client;%PATH%
python test_connect.py
Finally, make sure that if your Python is 32-bit, so is your instant client installation, and if your Python is 64-bit, make sure that your instant client installation is also 64-bit.
I wanna connect to Oracle 8i Database using Python2.7 or Python3.6 as I am not an Oracle guy so I need your help on this.
I am having following scenario:
My Database server is located at remote location.
I have to connect with that database through either version of Python2.7 or Python3.6.
After connection I just wants to do as normal queries.
Things which I have already done is:
cx_Oracle library 6.2 version installed.
Oracle instant Client libraries installed and using these libraries I am able to connect from Oracle 9i to Oracle 12c.
Now I just wants to make connection with Oracle 8i database.
thank you.
Uh, Oracle 8 ... where did you manage to find that fossil?
Anyway: this page says that you should use "OJDBC and JayDeBeApi" which works with databases
supported by Oracle's JDBC drivers (currently 8.1.7 to 11.2.0.2.0)
There's some more info, so - have a look.
Working on a python app on Mac (Yosemite OSX 10.10) I ran into this issue:
OperationalError: (2049, "Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)")
With a bit of research it seemed that my client (that is mysql-python) is using secure auth and the user had a password encrypted in an old style, that is prior to pre-4.1.1.
As I do not have ways to handle things on the DB side I was wondering if there was a workaround or a way to deactivate secure_auth on mysql-python?
I am adapting the answer from here:
Eventually you have to tell the client who has an old-style password to change it to a new-style password. Old passwords are not secure.
Now, you are getting the error since the client has secure_auth set, but they have an old password. In order to login with the old password, the client must disable secure_auth on the client side. How exactly you do this varies by which client you're using.
Some other workarounds can be found in the MySQL documentation: Client does not support authentication protocol
I found a cure!
Or rather a workaround. From this post I decided to select slightly older version of MySQL and MySQLdb and this solved the issue.
Here is how I did it:
I had previously installed mysql_python for my python and had the brew version of mysql installed.
I deteleted all of that.
I look for a way to install MySQLdb by looking for it last stable version with the source.
I compiled them (followed the isntructions here), installed them and then I looked for a stable version of MySQL client (MySQL website is the best place for that) and install the 5.5 version which was perfectly fitting my requirements.
I made mysql to launch itself automatically and then restarted my computer (but you can just restart apache) and check that all path were correct and the right includes are in the right places (you can check that against the link above).
And now it all works fine!
Hope it helps.
Is there any way to connect to an MS SQL Server database with python on linux using Windows Domain Credentials?
I can connect perfectly fine from my windows machine using Windows Credentials, but attempting to do the same from a linux python with pyodbs + freetds + unixodbc
>>import pyodbc
>>conn = pyodbc.connect("DRIVER={FreeTDS};SERVER=servername;UID=username;PWD=password;DATABASE=dbname")
results in this error:
class 'pyodbc.Error'>: ('28000', '[28000] [unixODBC][FreeTDS][SQL Server]Login incorrect. (20014) (SQLDriverConnectW)')
I'm sure the password is written correctly, but I've tried many different combinations of username:
DOMAIN\username
DOMAIN\\username
or even
UID=username;DOMAIN=domain
to no avail. Any ideas?
As of at least March 2013, this seems to work out of the box with FreeTDS. I specified the TDS protocol version for good measure--not sure if that makes the difference:
connStr = "DRIVER={{FreeTDS}};SERVER={0};PORT=1433;TDS_Version=7.2;UID={1}\\{2};PWD={3}".format(hostname, active_directory_domain, username, password)
Integrated authentication also appears to be supported in Microsoft's official driver for linux: http://msdn.microsoft.com/en-us/library/hh568450.aspx . I'm not sure how many Linux distributions it actually works on or how much of the source is available. They explicitly mention RHEL 5 and 6 and some dependencies on the download page.
As pointed out in one of the comments, this answer is quite stale by now. I regularly and routinely use GSSAPI to authenticate from Linux to SQL Server 2008 R2 but mostly with the EasySoft ODBC manager and the (commercial) EasySoft ODBC SQL Server driver.
In early 2009, a colleague and I managed to connect to a SQL Server 2005 instance from Solaris 10 using GSSAPI (Kerberos credentials) using DBB::Perl over a FreeTDS build linked against a particular version of the MIT kerberos libraries. The trick was -- and this is a little bit difficult to believe but I have verified it by looking through the FreeTDS source code -- to specify a zero-length user_name. If the length of the user_name string is 0 then the FreeTDS code will attempt to use GSSAPI (if that support has been compiled in). I have not been able to do this via Python and pyodbc as I could not figure out a way of getting ODBC to pass down a zero-length user_name.
Here in the perl code .. there are multiple opportunities for breakage wrt configuration files such as .freetds.conf etc. I seem to recall that the principal had to be in uppercase but my notes seem to be in disagreement with that.
$serverprincipal = 'MSSQLSvc/foo.bar.yourdomain.com:1433#YOURDOMAIN.COM';
$dbh = DBI->connect("dbi:Sybase:server=THESERVERNAME;kerberos=$serverprincipal", '', '');
You will have to know how to use the setspn utility in order to get the SQL Server server to use the appropriate security principal name.
I do not have any knowledge of the kerberos side of things because our environment was set up by an out and out Kerberos guru and has fancy stuff like mutual trust set up between the AD domain that the SQL Server is running in and the Kerberos domain that my client was running in.
There is some code http://code.google.com/p/libsqljdbc-auth/ which does GSSAPI authentication from Linux to SQL Server but it is Java only. The author (who seems to know his stuff) also has contributed a similar patch to the jTDS project which works with more recent versions of Java that have GSSAPI built in.
So the pieces are all there, it is just a big tangled mess trying to get them all to work together. I found the pyodbc to unixODBC to FreeTDS odbc to TDS integration pretty hard to trace/debug. The perl stuff because it was a pretty thin wrapper on top to CT-Lib was much easier to get going.
Probably a bit too late to help you out - but I encountered the same issue. At the time of writing, the latest version of pyodbc allows me to login with windows credentials. Just leave the UID field blank in your connection string like so:
cnxn = pyodbc.connect('DRIVER={SQL Server};SERVER=myserverinstance;DATABASE=mydatabase;UID=;PWD=mypassword')
Now this is using your existing windows credentials when you're logged on... not sure how to specify any arb windows domain credentials...
I haven't done it in a while, but I remember the whole unixodbc + FreeTDS + pyodbc thing being a little tricky. However, it can be done, and once setup it's not that hard.
This website provides very good instructions:
http://www.pauldeden.com/2008/12/how-to-setup-pyodbc-to-connect-to-mssql.html (archived copy on Web Archive)
Also, in my experience pyodbc had issues compiling/running on 64 bit Linux machines. Because of that we eventually used ceODBC. ceODBC isn't quite as stable as pyodbc (encountered more unexpected bugs than in pyodbc when running in python prorgram), but it is very easy to get up and running on Linux 64 bit.
I don't believe you'll be able to log in to a windows domain account in this way. You need to set up a user in sql directly for this manner of passing credentials.