November 24th, 2008 by Gabriel

A connection string is a string which contains information about a data source and its connectivity.
Connection string is always passed to a driver or provider which initiate the actual database connection.
It includes the attributes like name of the driver, server/host address, database name, security information like user name and password.
The format of a connection string is a semicolon-delimited list of key/value parameter pairs.

Following is a sample SQL database connection string :-

<add name=”SampleConnectionString” connectionString=”Data Source=AAAAAA;Initial Catalog=BBBBBB;User ID=CCCCCC;Password=DDDDDD” providerName=”System.Data.SqlClient” />

Where :
AAAAAA : Your server’s actual IP address.
BBBBBB : Your database’s actual Name.
CCCCCC : Your database’s actual Username.
DDDDDD : Your database’s actual Password.

October 14th, 2008 by Gabriel

Microsoft SQL server 2005 has been designed to be more secure with many features that increase the degree of protection.
Authentication, Authorization and encryption are the key features.

Authentication :-

Mixed and windows authentication are the two authentication modes supported by SQL 2005.

In Windows Authentication mode access is given based on a security token assigned during successful domain logon by a Windows account, which obviously have full access to SQL server. The Windows authentication mode only allows you to login/connect to SQL Server with Windows authentication. Windows Authentication is for the environment that all of your users are part of a Windows domain. Your access to SQL Server is controlled and authenticated when you log on to the Windows operating system. If you are a member of Windows’ administrator group then you should be able to use Windows Authentication to connect to SQL Server.
When a user connects through a Windows user account, SQL Server validates the account name and password using the Windows principal token in the operating system. This means that the user identity is confirmed by Windows. SQL Server does not ask for the password, and does not perform the identity validation.

The mixed authentication mode stipulates that the SQL Server authentication be done on the verification of credentials stored and maintained by the SQL Server. The logins are created in SQL Server that are not based on Windows user accounts.Users connecting using SQL Server Authentication must provide their credentials (login and password) every time that they connect.

Password Complexity :-

1. The length of the password used,
2. The type of characters that can be used like special characters, alphabets, numbers etc.
3. System reserved words should not be allwed to use,
4. Non blank password should be disallowed

Password Expiration :-
Password Expiration is determined by the value of “Maximum password age” group policy setting. The group policy settings are defined using the CREATE_LOGIN T_SQL statements.The password expiration and policy for individual accounts can be obtained from the SQL Server Management Studio interface.

Lockout Behavior :-
Lockout behavior is determined by the values assigned to “Account lockout duration”, “Account lockout threshold” and “Reset account lockout counter after” settings.

Authorization :-
Authorization features determine the level of access rights/previleges assigned to a user.
SQL 2005 allows separation of user schema objects and database objects.A schema is nothing but group of objects so that the set of objects in a schema can be treated as a unit for owning permissions.For example Execute permissions can be allowed on a role of stored procedures.

October 10th, 2008 by Gabriel

Here are some useful tools that help us in configuring IIS server and track the problematic web sites easily :

1. IIS Passwords Sync:

IIS 6.0 web sites run under anonymous user accounts. It is IUSR_<machine name> (by default) or other user accounts created by your web hosting control panel. The users’ passwords are set automatically set and are never known. However, sometimes for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to use IIS Passwords Sync program. It extracts the passwords that Microsoft IIS 6.0 has in its metabase and updates the accounts in “Local Users and Groups” to use that passwords.

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1742

2. IIS Pool:

With IIS Pool tool we can easily search the problematic sites which have default application pool.

IIS Application Pools Monitoring and Analysis:

This program allows monitoring of IIS 6 application pools. All the monitoring data is stored in log files. It is possible to analyze a pool to find a website (or a virtual application) using too much resources. …

Overview -

IIS Application Pools Monitoring and Analysis:

* This program allows monitoring of IIS 6 application pools.

* All the monitoring data is stored in log files.

* It is possible to analyze a pool to find a website (or a virtual application) using too much resources.

Features -

* IIS application pools monitoring

* IIS application pools analysis

* Find websites using too much resources

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1728

3. IIS Report:

Overview -

IIS Report is a command line tool. It allows us to create different IIS related reports. For example it can get the list of all SSL websites and sort it by IP address, or get the list of all websites and sort it by application pool name and then by website name, …

There is no installation required. Just download and unrar the archive file. Then start the program with:

C:\>iisreport.exe /?

to get more information and see all the parameters available.

Benefits -

* Easy-to-use

* Fast

* It is possible to import the reports with Excel

* It is possible to parse the reports with VBS or BAT programs and other administration applications.

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1730