(Securing Access to the Data).sql

CREATE DATABASE SecurityChapter
GO
Use SecurityChapter
GO
-----------------------------------------------------------
-- Database Security Overview; Impersonation
-----------------------------------------------------------
CREATE LOGIN system_admin WITH PASSWORD = 'tooHardToEnterAndNoOneKnowsIt'
EXEC sp_addsrvrolemember 'system_admin','sysadmin'
GO
CREATE LOGIN louis with PASSWORD = 'reasonable', DEFAULT_DATABASE=tempdb

--Must execute in Master Database
USE MASTER
GRANT IMPERSONATE ON LOGIN::system_admin TO louis;
GO

--Disconnect and connect as Louis
GO
USE AdventureWorks2008
GO
EXECUTE AS LOGIN = 'system_admin'
GO
USE AdventureWorks2008
SELECT user as [user], system_user as [system_user],
       original_login() as [original_login]
GO
REVERT --go back to previous context
GO
USE SecurityChapter
GO

REVERT
SELECT user
GO

SELECT object_name(major_id), permission_name, state_desc,
        user_name(grantee_principal_id) as Grantee
FROM   sys.database_permissions
WHERE  objectproperty(major_id,'isTable') = 1
  AND  objectproperty(major_id,'isMsShipped') = 0
GO
--------------------------------------------------------------------------------
-- Database Security Overview; Controlling Access to Objects; Table Security
--------------------------------------------------------------------------------
--You may need to reconnect as the sysadmin...

--start with a new schema for this test
CREATE SCHEMA TestPerms
GO

CREATE TABLE TestPerms.TableExample
(
    TableExampleId int identity(1,1)
                   CONSTRAINT PKTableExample PRIMARY KEY,
    Value   varchar(10)
)
GO
CREATE USER Tony WITHOUT LOGIN
GO
EXECUTE AS USER = 'Tony'
INSERT INTO TestPerms.TableExample(Value)
VALUES ('a row')
GO

REVERT
GRANT INSERT on TestPerms.TableExample to Tony

EXECUTE AS USER = 'Tony'
INSERT INTO TestPerms.TableExample(Value)
VALUES ('a row')
GO

SELECT TableExampleId, value
FROM   TestPerms.TableExample
GO

REVERT
GRANT SELECT on TestPerms.TableExample to Tony
GO

--------------------------------------------------------------------------------
-- Database Security Overview; Controlling Access to Objects; Table Security
--------------------------------------------------------------------------------

CREATE USER Employee WITHOUT LOGIN
CREATE USER Manager WITHOUT LOGIN

GO
CREATE SCHEMA Products
go
CREATE TABLE Products.Product
(
    ProductId   int identity CONSTRAINT PKProduct PRIMARY KEY,
    ProductCode varchar(10) CONSTRAINT AKProduct_ProductCode UNIQUE,
    Description varchar(20),
    UnitPrice   decimal(10,4),
    ActualCost  decimal(10,4)
)
INSERT INTO Products.Product(ProductCode, Description, UnitPrice, ActualCost)
VALUES ('widget12','widget number 12',10.50,8.50),
       ('snurf98','Snurfulator',99.99,2.50)

GO
GRANT SELECT on Products.Product to employee,manager
DENY SELECT on Products.Product (ActualCost) to employee
GO
EXECUTE AS USER = 'manager'
SELECT  *
FROM    Products.Product
GO
REVERT --revert back to SA level user or you will get an error that the
       --user cannot do this operation because it is unclear if the employee
       --user actually exists
GO
EXECUTE AS USER = 'employee'
GO
SELECT *
FROM   Products.Product
GO

SELECT ProductId, ProductCode, Description, UnitPrice
FROM   Products.Product

GO

------------------------------------------------------------------------------------------------
-- Database Security Overview; Controlling Access to Objects; Roles; Standard Database Roles
------------------------------------------------------------------------------------------------
GO
SELECT is_member('HRManager')
GO
IF (SELECT is_member('HRManager')) = 0 or (SELECT is_member('HRManager')) is null
       SELECT 'I..DON''T THINK SO!'
GO
REVERT
CREATE USER Frank WITHOUT LOGIN
CREATE USER Julie WITHOUT LOGIN
CREATE USER Rie WITHOUT LOGIN
GO
CREATE ROLE HRWorkers

EXECUTE sp_addrolemember 'HRWorkers','Julie'
EXECUTE sp_addrolemember 'HRWorkers','Rie'
GO


CREATE SCHEMA Payroll

CREATE TABLE Payroll.EmployeeSalary
(
    EmployeeId  int,
    SalaryAmount decimal(12,2)

)
GRANT SELECT ON Payroll.EmployeeSalary to HRWorkers
GO

EXECUTE AS USER = 'Frank'

SELECT *
FROM   Payroll.EmployeeSalary
GO


REVERT
EXECUTE AS USER = 'Julie'

SELECT *
FROM   Payroll.EmployeeSalary

GO

REVERT
DENY SELECT ON payroll.employeeSalary TO Rie

EXECUTE AS USER = 'Rie'
SELECT *
FROM   payroll.employeeSalary
GO
REVERT
--note, this query only returns rows for tables where the user has SOME rights
SELECT  table_schema + '.' + table_name as tableName,
        has_perms_by_name(table_schema + '.' + table_name, 'object', 'SELECT')
                                                               
                                                                 as allowSelect
FROM    information_schema.tables

GO
CREATE TABLE TestPerms.BobCan
(
    BobCanId int identity(1,1) CONSTRAINT PKBobCan PRIMARY KEY,
    Value varchar(10)
)
CREATE TABLE TestPerms.AppCan
(
    AppCanId int identity(1,1) CONSTRAINT PKAppCan PRIMARY KEY,
    Value varchar(10)
)
GO
CREATE USER Bob WITHOUT LOGIN
GO
GRANT SELECT on TestPerms.BobCan to Bob
GO
CREATE APPLICATION ROLE AppCan_application with password = '39292ljasll23'
GO
GRANT SELECT on TestPerms.AppCan to AppCan_application
GO

EXECUTE AS USER = 'Bob'
GO
SELECT * FROM TestPerms.BobCan
GO
SELECT * FROM TestPerms.AppCan
GO
REVERT
GO
EXECUTE sp_setapprole 'AppCan_application', '39292ljasll23'
go
SELECT * FROM TestPerms.BobCan
GO
SELECT * from TestPerms.AppCan
GO
SELECT user as userName, system_user as login
GO
--Disconnect and reconnect to clear out app role...

Use SecurityChapter
GO
--Note that this must be executed as a single batch because of the variable
--for the cookie
DECLARE @cookie varbinary(8000);
EXECUTE sp_setapprole 'AppCan_application', '39292ljasll23'
              , @fCreateCookie = true, @cookie = @cookie OUTPUT

SELECT @cookie as cookie
SELECT USER as beforeUnsetApprole

EXEC sp_unsetapprole @cookie

SELECT USER as afterUnsetApprole

REVERT --done with this user
GO

------------------------------------------------------------------------------------------------
-- Database Security Overview; Controlling Access to Objects; Roles; Schemas
------------------------------------------------------------------------------------------------
GO

USE AdventureWorks2008
GO
SELECT  type_desc, count(*)
FROM    sys.objects
WHERE   schema_name(schema_id) = 'HumanResources'
  AND   type_desc in ('SQL_STORED_PROCEDURE','CLR_STORED_PROCEDURE',
                      'SQL_SCALAR_FUNCTION','CLR_SCALAR_FUNCTION',
                      'CLR_TABLE_VALUED_FUNCTION','SYNONYM',
                      'SQL_INLINE_TABLE_VALUED_FUNCTION',
                      'SQL_TABLE_VALUED_FUNCTION','USER_TABLE','VIEW')
GROUP BY type_desc
GO
USE SecurityChapter --or your own db if you are not using mine
GO
CREATE USER Tom WITHOUT LOGIN
GRANT SELECT ON SCHEMA::TestPerms To Tom
GO

EXECUTE AS USER = 'Tom'
GO
SELECT * FROM TestPerms.AppCan
GO
REVERT
GO

CREATE TABLE TestPerms.SchemaGrant
(
    SchemaGrantId int primary key
)
GO
EXECUTE AS USER = 'Tom'
GO
SELECT * FROM TestPerms.schemaGrant
GO
REVERT
GO
---------------------------------------------------------------------------------------------
-- Controlling Object Access Via T-SQL Coded Objects; Stored Procedures and Scalar Functions
--------------------------------------------------------------------------------------------

CREATE USER procUser WITHOUT LOGIN
GO

CREATE SCHEMA procTest
CREATE TABLE procTest.misc
(
    Value varchar(20),
    Value2 varchar(20)
)
GO
INSERT INTO procTest.misc
VALUES ('somevalue','secret'),
      ('anothervalue','secret')
GO


CREATE PROCEDURE procTest.misc$select
AS
    SELECT Value
    FROM   procTest.misc
GO
GRANT EXECUTE on procTest.misc$select to procUser
GO

EXECUTE AS USER = 'procUser'
GO
SELECT Value, Value2
FROM   procTest.misc
GO

EXECUTE procTest.misc$select
GO

SELECT  routine_schema + '.' + routine_name as procedureName,
        has_perms_by_name(routine_schema + '.' + routine_name, 'object',
                            'EXECUTE') as allowExecute
FROM    information_schema.routines
WHERE   routine_type = 'PROCEDURE'

REVERT

GO

---------------------------------------------------------------------------------------------
-- Controlling Object Access Via T-SQL Coded Objects;Impersonation Within Objects
--------------------------------------------------------------------------------------------
--this will be the owner of the primary schema
CREATE USER schemaOwner WITHOUT LOGIN
GRANT CREATE SCHEMA to schemaOwner
GRANT CREATE TABLE to schemaOwner

--this will be the procedure creator
CREATE USER procedureOwner WITHOUT LOGIN
GRANT CREATE SCHEMA to procedureOwner
GRANT CREATE PROCEDURE to procedureOwner
GRANT CREATE TABLE to procedureOwner
GO
--this will be the average user who needs to access data
CREATE USER aveSchlub WITHOUT LOGIN
GO


EXECUTE AS USER = 'schemaOwner'
GO
CREATE SCHEMA schemaOwnersSchema
GO
CREATE TABLE schemaOwnersSchema.Person
(
    PersonId    int constraint PKtestAccess_Person primary key,
    FirstName   varchar(20),
    LastName    varchar(20)
)
Go
INSERT INTO schemaOwnersSchema.Person
VALUES (1, 'Phil','Mutayblin'),
       (2, 'Del','Eets')
GO

GRANT SELECT on schemaOwnersSchema.Person to procedureOwner
GO


REVERT --we can step back on the stack of principals,
        --but we can't change directly
        --to procedureOwner. Here I step back to the db_owner user you have
        --used throughout the chapter
GO
EXECUTE AS USER = 'procedureOwner'
GO

CREATE SCHEMA procedureOwnerSchema
GO

CREATE TABLE procedureOwnerSchema.OtherPerson
(
    personId    int constraint PKtestAccess_person primary key,
    FirstName   varchar(20),
    LastName    varchar(20)
)
go
INSERT INTO procedureOwnerSchema.OtherPerson
VALUES (1, 'DB','Smith')
INSERT INTO procedureOwnerSchema.OtherPerson
VALUES (2, 'Dee','Leater')
GO

REVERT
GO
SELECT tables.name as [table], schemas.name as [schema],
       database_principals.name as [owner]
FROM   sys.tables
         join sys.schemas
            on tables.schema_id = schemas.schema_id
         join sys.database_principals
            on database_principals.principal_id = schemas.principal_id
WHERE  tables.name in ('Person','OtherPerson')
GO

EXECUTE AS USER = 'procedureOwner'
GO
CREATE PROCEDURE  procedureOwnerSchema.person$asCaller
WITH EXECUTE AS CALLER --this is the default
AS
SELECT  personId, FirstName, LastName
FROM    procedureOwnerSchema.OtherPerson --<-- ownership same as proc

SELECT  personId, FirstName, LastName
FROM    schemaOwnersSchema.person  --<-- breaks ownership chain
GO

CREATE PROCEDURE procedureOwnerSchema.person$asSelf
WITH EXECUTE AS SELF --now this runs in context of procedureOwner,
                     --since it created it
AS
SELECT  personId, FirstName, LastName
FROM    procedureOwnerSchema.OtherPerson --<-- ownership same as proc

SELECT  personId, FirstName, LastName
FROM    schemaOwnersSchema.person  --<-- breaks ownership chain

GO

GRANT EXECUTE ON procedureOwnerSchema.person$asCaller to aveSchlub
GRANT EXECUTE ON procedureOwnerSchema.person$asSelf to aveSchlub

REVERT; EXECUTE AS USER = 'aveSchlub'
GO

--this proc is in context of the caller, in this case, aveSchlub
EXECUTE procedureOwnerSchema.person$asCaller
GO

--procedureOwner, so it works
execute procedureOwnerSchema.person$asSelf
GO


REVERT
GO
CREATE PROCEDURE dbo.testDboRights
AS
 BEGIN
    CREATE TABLE dbo.test
    (
        testId int
    )
 END
GO

CREATE USER leroy WITHOUT LOGIN
GO
GRANT EXECUTE on dbo.testDboRights to leroy
GO

GO
EXECUTE AS USER = 'leroy'
EXECUTE dbo.testDboRights
GO

REVERT
GO
ALTER PROCEDURE dbo.testDboRights
WITH EXECUTE AS 'dbo'
AS
 BEGIN
    CREATE TABLE dbo.test
    (
        testId int
    )
 END
GO

EXECUTE AS USER = 'leroy'
EXECUTE dbo.testDboRights
GO
REVERT
GO

---------------------------------------------------------------------------------------------
--  Controlling Object Access Via T-SQL Coded Objects;Crossing Database Lines;Cross Database Chaining
--------------------------------------------------------------------------------------------
GO
CREATE DATABASE externalDb
GO
USE externalDb
GO
                                   --smurf theme song :)
CREATE LOGIN smurf WITH PASSWORD = 'La la, la la la la, la, la la la la'
CREATE USER smurf FROM LOGIN smurf
CREATE TABLE dbo.table1 ( value int )
GO
CREATE DATABASE localDb
GO
USE localDb
GO
CREATE USER smurf FROM LOGIN smurf
GO

CREATE PROCEDURE dbo.externalDb$testCrossDatabase
AS
SELECT Value
FROM   externalDb.dbo.table1
GO
GRANT execute on dbo.externalDb$testCrossDatabase to smurf
GO

EXECUTE AS USER = 'smurf'
go
EXECUTE dbo.externalDb$testCrossDatabase
GO
REVERT

GO
ALTER DATABASE localDb
   SET DB_CHAINING ON
ALTER DATABASE localDb
   SET TRUSTWORTHY ON

ALTER DATABASE externalDb
   SET DB_CHAINING ON
GO
SELECT cast(name as varchar(10)) as name,
       cast(suser_sname(owner_sid) as varchar(10)) as owner,
       is_trustworthy_on, is_db_chaining_on
FROM   sys.databases where name in ('localdb','externaldb')
GO
EXECUTE AS USER = 'smurf'
go
EXECUTE dbo.externalDb$testCrossDatabase
GO
REVERT
GO

---------------------------------------------------------------------------------------------
--  Controlling Object Access Via T-SQL Coded Objects;Crossing Database Lines;Using Impersonation to Cross Database Lines
--------------------------------------------------------------------------------------------

ALTER DATABASE localDb
   SET DB_CHAINING OFF
ALTER DATABASE localDb
   SET TRUSTWORTHY ON

ALTER DATABASE externalDb
   SET DB_CHAINING OFF

GO

CREATE PROCEDURE dbo.externalDb$testCrossDatabase_Impersonation
WITH EXECUTE AS SELF --as procedure creator
AS
SELECT Value
FROM   externalDb.dbo.table1
GO
GRANT execute on dbo.externalDb$testCrossDatabase_impersonation to smurf
GO

EXECUTE AS USER = 'smurf'
go
EXECUTE dbo.externalDb$testCrossDatabase_impersonation
GO
REVERT
GO

---------------------------------------------------------------------------------------------
--  Controlling Object Access Via T-SQL Coded Objects;Crossing Database Lines;Using a Certificate-Based User
--------------------------------------------------------------------------------------------
GO
REVERT
GO
USE localDb
GO
ALTER DATABASE localDb
   SET TRUSTWORTHY OFF
GO
SELECT cast(name as varchar(10)) as name,
       cast(suser_sname(owner_sid) as varchar(10)) as owner,
       is_trustworthy_on, is_db_chaining_on
FROM   sys.databases where name in ('localdb','externaldb')
GO


CREATE PROCEDURE dbo.externalDb$testCrossDatabase_Certificate
AS
SELECT Value
FROM   externalDb.dbo.table1
GO
GRANT EXECUTE on dbo.externalDb$testCrossDatabase_Certificate to smurf
GO

CREATE CERTIFICATE procedureExecution ENCRYPTION BY PASSWORD = 'Cert Password'
 WITH SUBJECT = 
         'Used to sign procedure:externalDb$testCrossDatabase_Certificate'
GO
ADD SIGNATURE TO dbo.externalDb$testCrossDatabase_Certificate
     BY CERTIFICATE procedureExecution WITH PASSWORD = 'Cert Password'
GO
BACKUP CERTIFICATE procedureExecution TO FILE = 'c:\temp\procedureExecution.cer'
GO

USE externalDb
GO
CREATE CERTIFICATE procedureExecution FROM FILE = 'c:\temp\procedureExecution.cer'
GO

CREATE USER procCertificate FOR CERTIFICATE procedureExecution
GO
GRANT SELECT on dbo.table1 TO procCertificate

GO

USE localDb
GO
EXECUTE AS LOGIN = 'smurf'
EXECUTE dbo.externalDb$testCrossDatabase_Certificate

GO
REVERT
GO
USE MASTER
GO
DROP DATABASE externalDb
DROP DATABASE localDb
GO
USE SecurityChapter

--------------------------------------------------------------------------------
-- Views and Table-Valued Functions; General Usage
--------------------------------------------------------------------------------
GO
SELECT *
FROM Products.Product
GO
CREATE VIEW Products.allProducts
AS
SELECT ProductId,ProductCode, Description, UnitPrice, ActualCost
FROM   Products.Product
GO
CREATE VIEW Products.WarehouseProducts
AS
SELECT ProductId,ProductCode, Description
FROM   Products.Product
GO
CREATE FUNCTION Products.ProductsLessThanPrice
(
    @UnitPrice  decimal(10,4)
)
RETURNS table
AS
     RETURN ( SELECT ProductId, ProductCode, Description, UnitPrice
              FROM   Products.Product
              WHERE  UnitPrice <= @UnitPrice)
GO
SELECT * FROM Products.ProductsLessThanPrice(20)
GO
CREATE FUNCTION Products.ProductsLessThanPrice_GroupEnforced
(
    @UnitPrice  decimal(10,4)
)
RETURNS @output table (ProductId int,
                       ProductCode varchar(10),
                       Description varchar(20),
                       UnitPrice decimal(10,4))
AS
 BEGIN
    --cannot raise an error, so you have to implement your own
    --signal, or perhaps simply return no data.
    IF @UnitPrice > 100 and (
                             IS_MEMBER('HighPriceProductViewer') = 0
                             or IS_MEMBER('HighPriceProductViewer') is null)
        INSERT @output
        SELECT -1,'ERROR','',-1
    ELSE
        INSERT @output
        SELECT ProductId, ProductCode, Description, UnitPrice
        FROM   Products.Product
        WHERE  UnitPrice <= @UnitPrice
    RETURN
 END
GO
CREATE ROLE HighPriceProductViewer
CREATE ROLE ProductViewer

CREATE USER HighGuy WITHOUT LOGIN
CREATE USER LowGuy WITHOUT LOGIN

EXEC sp_addrolemember 'HighPriceProductViewer','HighGuy'
EXEC sp_addrolemember 'ProductViewer','HighGuy'
EXEC sp_addrolemember 'ProductViewer','LowGuy'
GO
GRANT SELECT ON Products.ProductsLessThanPrice_GroupEnforced TO ProductViewer
GO

EXECUTE AS USER = 'HighGuy'
SELECT * FROM Products.ProductsLessThanPrice_GroupEnforced(10000)
REVERT
GO
EXECUTE AS USER = 'LowGuy'
SELECT * FROM Products.ProductsLessThanPrice_GroupEnforced(10000)
REVERT
GO
--------------------------------------------------------------------------------
-- Views and Table-Valued Functions; Implementing Configurable Row-Level Security with Views
--------------------------------------------------------------------------------
Go
ALTER TABLE Products.Product
   ADD ProductType varchar(20) NULL
GO
UPDATE Products.Product
SET    ProductType = 'widget'
WHERE  ProductCode = 'widget12'
GO
UPDATE Products.Product
SET    ProductType = 'snurf'
WHERE  ProductCode = 'snurf98'
GO
CREATE VIEW Products.WidgetProducts
AS
SELECT ProductId, ProductCode, Description, UnitPrice, ActualCost
FROM   Products.Product
WHERE  ProductType = 'widget'
WITH CHECK OPTION --This prevents the user from entering data that would not
                  --match the view's criteria
GO
SELECT *
FROM   Products.WidgetProducts
GO
CREATE VIEW Products.ProductsSelective
AS
SELECT ProductId, ProductCode, Description, UnitPrice, ActualCost
FROM   Products.Product
WHERE  ProductType <> 'snurf'
   or  (is_member('snurfViewer') = 1)
   or  (is_member('db_owner') = 1) --can't add db_owner to a role
WITH CHECK OPTION
GO
GRANT SELECT ON Products.ProductsSelective to public
GO

CREATE USER chrissy WITHOUT LOGIN
CREATE ROLE snurfViewer
GO
EXECUTE AS USER = 'chrissy'
SELECT * from Products.ProductsSelective
REVERT
GO

execute sp_addrolemember 'snurfViewer', 'chrissy'
GO
EXECUTE AS USER = 'chrissy'
SELECT * from Products.ProductsSelective
REVERT
GO
CREATE TABLE Products.ProductSecurity
(
    ProductsSecurityId int identity(1,1)
                CONSTRAINT PKProducts_ProductsSecurity PRIMARY KEY,
    ProductType varchar(20), --at this point you probably will create a
                             --ProductType domain table, but this keeps the                            
                             --example a bit simpler
    DatabaseRole    sysname,
                CONSTRAINT AKProducts_ProductsSecurity_typeRoleMapping
                            UNIQUE (ProductType, DatabaseRole)
)
GO
INSERT INTO Products.ProductSecurity(ProductType, DatabaseRole)
VALUES ('widget','public')
GO
ALTER VIEW Products.ProductsSelective
AS
SELECT Product.ProductId, Product.ProductCode, Product.Description,
       Product.UnitPrice, Product.ActualCost, Product.ProductType
FROM   Products.Product as Product
         JOIN Products.ProductSecurity as ProductSecurity
            on  (Product.ProductType = ProductSecurity.ProductType
                and is_member(ProductSecurity.DatabaseRole) = 1)
                or is_member('db_owner') = 1 --don't leave out the dbo!
GO

EXECUTE AS USER = 'chrissy'
SELECT *
FROM   PRoducts.ProductsSelective
GO
REVERT
GO

INSERT INTO Products.ProductSecurity(ProductType, databaseRole)
VALUES ('snurf','snurfViewer')
go
EXECUTE AS USER = 'chrissy'
SELECT * from PRoducts.ProductsSelective
REVERT


--------------------------------------------------------------------------------------
-- Obfuscating Data
--------------------------------------------------------------------------------------
SELECT encryptByPassPhrase('hi', 'Secure data')
GO
SELECT decryptByPassPhrase('hi',
   0x010000004D2B87C6725612388F8BA4DA082495E8C836FF76F32BCB642B36476594B4F014)
GO

SELECT cast(decryptByPassPhrase('hi',
     0x010000004D2B87C6725612388F8BA4DA082495E8C836FF76F32BCB642B36476594B4F014)
                                              as varchar(30))

GO
CREATE DATABASE EncryptionMaster
go
USE EncryptionMaster
go
CREATE SCHEMA Security
CREATE TABLE Security.passphrase
(
    passphrase nvarchar(4000) --the max size of the passphrase
)
GO

INSERT  into Security.passphrase
VALUES ('ljlOIUEojljljieo#*JlLjlIu*o7G8i&t87*&Yh[p00') --the more unobvious the
                                                       --better!

GO

CREATE DATABASE CreditInfo
GO
ALTER DATABASE EncryptionMaster  -- we will be using impersonation to keep the
    SET TRUSTWORTHY ON           -- example simple, in practice I would
                                 -- probably use certificates
GO
USE CreditInfo
GO

CREATE SCHEMA Sales
GO
CREATE TABLE Sales.Customer
(
    CustomerId  char(10),
    FirstName   varchar(30),
    LastName    varchar(30),
    CreditCardLastFour char(4),
    CreditCardNumber varbinary(44)
)
GO

CREATE PROCEDURE Customer$insert
(
    @CustomerId  char(10),
    @FirstName   varchar(10),
    @LastName    varchar(10),
    @CreditCardNumber char(16)
)
WITH EXECUTE AS 'dbo'
as

INSERT INTO Sales.Customer (CustomerId,FirstName, LastName, CreditCardLastFour,
                            CreditCardNumber)
SELECT  @CustomerId, @FirstName,@LastName,substring(@CreditCardNumber,13,4),
        encryptByPassPhrase(pass.passPhrase, @CreditCardNumber)
FROM    encryptionMaster.Security.passphrase as pass

GO

EXEC Customer$insert 'cust1','Bob','jones','0000111122223333'
GO

CREATE PROCEDURE Sales.CustomerWithCreditCard
WITH EXECUTE AS 'dbo'
AS
 BEGIN
        SELECT  Customer.CustomerId, FirstName, LastName,
                CreditCardLastFour,
                cast(decryptByPassPhrase(pass.passPhrase,CreditCardNumber)
                             as char(16)) as CreditCardNumber
        FROM    Sales.Customer
                        CROSS JOIN encryptionMaster.Security.passphrase as pass
 END
GO

EXEC Sales.CustomerWithCreditCard
GO

--------------------------------------------------------------------------------------
-- Monitoring and Auditing; Server and Database Audit; Defining an Audit Specification
--------------------------------------------------------------------------------------
Go
USE master
GO
CREATE SERVER AUDIT ProSQLServerDatabaseDesign_Audit
TO FILE                        --choose your own directory, I expect most people
(     FILEPATH = N'c:\temp\' --have a temp directory on their system drive
      ,MAXSIZE = 15 MB
     ,MAX_ROLLOVER_FILES = 0 --unlimited
)
WITH
(
     ON_FAILURE = SHUTDOWN --if the file cannot be written to,
                      --shutdown the server
)
GO

CREATE SERVER AUDIT SPECIFICATION ProSQLServerDatabaseDesign_Server_Audit
    FOR SERVER AUDIT ProSQLServerDatabaseDesign_Audit
    WITH (STATE = OFF) --disabled. we will enable it later
GO

ALTER SERVER AUDIT SPECIFICATION ProSQLServerDatabaseDesign_Server_Audit
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP)

GO

USE SecurityChapter
GO
CREATE DATABASE AUDIT SPECIFICATION
                   ProSQLServerDatabaseDesign_Database_Audit
    FOR SERVER AUDIT ProSQLServerDatabaseDesign_Audit
    WITH (STATE = OFF)
GO

ALTER DATABASE AUDIT SPECIFICATION
ProSQLServerDatabaseDesign_Database_Audit
    ADD (SELECT ON Products.Product BY employee,manager),
    ADD (SELECT ON Products.AllProducts BY public)
GO

USE master
GO
ALTER SERVER AUDIT ProSQLServerDatabaseDesign_Audit
    WITH (STATE = ON)
ALTER SERVER AUDIT SPECIFICATION ProSQLServerDatabaseDesign_Server_Audit
    WITH (STATE = ON)
GO
USE SecurityChapter
GO
ALTER DATABASE AUDIT SPECIFICATION ProSQLServerDatabaseDesign_Database_Audit
    WITH (STATE = ON)
GO


CREATE drop LOGIN MrSmith WITH PASSWORD = 'Not a good password'
GO
EXECUTE AS USER = 'manager'
GO
SELECT *
FROM   Products.Product
GO
SELECT  *
FROM     Products.AllProducts
REVERT
GO
SELECT  *
FROM     Products.AllProducts
GO

SELECT event_time, succeeded,
       database_principal_name,statement
FROM sys.fn_get_audit_file ('c:\temp\*',default,default);
GO

SELECT  sas.name as audit_specification_name,
        audit_action_name
FROM    sys.server_audits as sa
          join sys.server_audit_specifications as sas
             on sa.audit_guid = sas.audit_guid
          join sys.server_audit_specification_details as sasd
             on sas.server_specification_id = sasd.server_specification_id
WHERE  sa.name = 'ProSQLServerDatabaseDesign_Audit'

SELECT --sas.name  as audit_specification_name,
       audit_action_name,dp.name as [principal],
       SCHEMA_NAME(o.schema_id) + '.' + o.name as object
FROM   sys.server_audits as sa
         join sys.database_audit_specifications as sas
             on sa.audit_guid = sas.audit_guid
         join sys.database_audit_specification_details as sasd
             on sas.database_specification_id = sasd.database_specification_id
         join sys.database_principals as dp
             on dp.principal_id = sasd.audited_principal_id
         join sys.objects as o
             on o.object_id = sasd.major_id
WHERE  sa.name = 'ProSQLServerDatabaseDesign_Audit'
  and  sasd.minor_id = 0 --need another query for column level audits
GO

--------------------------------------------------------------------------------------
-- Monitoring and Auditing; Watching Table History Using DML Triggers
--------------------------------------------------------------------------------------
GO
USE SecurityChapter
GO
CREATE SCHEMA Sales
GO
CREATE SCHEMA Inventory
GO
CREATE TABLE Sales.invoice
(
    InvoiceId   int not null identity(1,1) CONSTRAINT PKInvoice PRIMARY KEY,
    InvoiceNumber char(10) not null
                      CONSTRAINT AKInvoice_InvoiceNumber UNIQUE,
    CustomerName varchar(60) not null , --should be normalized in real database
    InvoiceDate smalldatetime not null
)
CREATE TABLE Inventory.Product
(
    ProductId int identity(1,1) CONSTRAINT PKProduct PRIMARY KEY,
    name varchar(30) not null CONSTRAINT AKProduct_name UNIQUE,
    Description varchar(60) not null ,
    Cost numeric(12,4) not null
)
CREATE TABLE Sales.InvoiceLineItem
(
    InvoiceLineItemId int identity(1,1)
                      CONSTRAINT PKInvoiceLineItem PRIMARY KEY,
    InvoiceId int not null,
    ProductId int not null,
    Quantity numeric(6,2) not null,
    Cost numeric(12,4) not null,
    discount numeric(3,2) not null,
    discountExplanation varchar(200) not null,
    CONSTRAINT AKInvoiceLineItem_InvoiceAndProduct
             UNIQUE (InvoiceId, ProductId),
    CONSTRAINT FKSales_Invoice$listsSoldProductsIn$Sales_InvoiceLineItem
             FOREIGN KEY (InvoiceId) REFERENCES Sales.Invoice(InvoiceId),
    CONSTRAINT FKSales_Product$isSoldVia$Sales_InvoiceLineItem
             FOREIGN KEY (InvoiceId) REFERENCES Sales.Invoice(InvoiceId)
    --more constraints should be in place for full implementation
)

GO
CREATE TABLE Sales.InvoiceLineItemDiscountAudit
(
    InvoiceLineItemDiscountAudit  int identity(1,1)
          CONSTRAINT PKInvoiceLineItemDiscountAudit PRIMARY KEY,
    InvoiceId   int,
    InvoiceLineItemId int,
    AuditTime   datetime,
    SetByUserId sysname,
    Quantity numeric(6,2) not null,
    Cost numeric(12,4) not null,
    Discount numeric(3,2) not null,
    DiscountExplanation varchar(300) not null
)

GO

CREATE TRIGGER Sales.InvoiceLineItem$insertAndUpdateAuditTrail
ON Sales.InvoiceLineItem
AFTER INSERT,UPDATE AS
BEGIN

   DECLARE @rowsAffected int,    --stores the number of rows affected
           @msg varchar(2000)    --used to hold the error message

   SET @rowsAffected = @@rowcount

   --no need to continue on if no rows affected
   IF @rowsAffected = 0 return

   SET NOCOUNT ON --to avoid the rowcount messages
   SET ROWCOUNT 0 --in case the client has modified the rowcount
   BEGIN TRY
      --[validation blocks]
      --[modification blocks]
      IF UPDATE(Cost)
         INSERT INTO Sales.InvoiceLineItemDiscountAudit (InvoiceId,
                         InvoiceLineItemId, AuditTime, SetByUserId, Quantity,
                         Cost, Discount, DiscountExplanation)
         SELECT inserted.InvoiceId, inserted.InvoiceLineItemId,
                current_timestamp, suser_sname(), inserted.Quantity,
                inserted.Cost, inserted.Discount,
                inserted.DiscountExplanation

         from   inserted
                   join Inventory.Product as Product
                      on inserted.ProductId = Product.ProductId
         --if the Discount is more than 0, or the cost supplied is less than the
         --current value
         where   inserted.Discount > 0
            or   inserted.Cost < Product.Cost
                      -- if it was the same or greater, that is good!
                      -- this keeps us from logging if the cost didn't actually
                      -- change
   END TRY
   BEGIN CATCH
               IF @@trancount > 0
                     ROLLBACK TRANSACTION

              --or this will not get rolled back
              --EXECUTE dbo.errorLog$insert

              DECLARE @ERROR_MESSAGE varchar(8000)
              SET @ERROR_MESSAGE = ERROR_MESSAGE()
              RAISERROR (@ERROR_MESSAGE,16,1)

     END CATCH
END
GO


INSERT INTO Inventory.Product(name, Description,Cost)
VALUES ('Duck Picture','Picture on the wall in my hotelRoom',200.00),
       ('Cow Picture','Picture on the other wall in my hotelRoom',150.00)

GO

INSERT INTO Sales.Invoice(InvoiceNumber, CustomerName, InvoiceDate)
VALUES ('IE00000001','The Hotel Picture Company','1/1/2005')
GO

INSERT INTO Sales.InvoiceLineItem(InvoiceId, ProductId, Quantity,
                                  Cost, Discount, DiscountExplanation)
SELECT  (SELECT InvoiceId
         FROM   Sales.Invoice
         WHERE  InvoiceNumber = 'IE00000001'),
        (SELECT ProductId
         FROM   Inventory.Product
         WHERE  Name = 'Duck Picture'),  1,200,0,''
GO

SELECT * FROM Sales.InvoiceLineItemDiscountAudit
GO

INSERT INTO Sales.InvoiceLineItem(InvoiceId, ProductId, Quantity,
                                  Cost, Discount, DiscountExplanation)
SELECT  (SELECT InvoiceId
         FROM Sales.Invoice
         WHERE InvoiceNumber = 'IE00000001'),
        (SELECT ProductId
         FROM Inventory.Product
         WHERE name = 'Cow Picture'),
        1,150,.45,'Customer purchased two, so I gave 45% off'

SELECT * FROM Sales.InvoiceLineItemDiscountAudit

--------------------------------------------------------------------------------------
-- Monitoring and Auditing; DDL Triggers; Preventing a DDL Action
--------------------------------------------------------------------------------------
GO
CREATE TRIGGER tr_server$allTableDDL_prevent --note, not a schema owned object
ON DATABASE
AFTER CREATE_TABLE, DROP_TABLE, ALTER_TABLE
AS
 BEGIN
   BEGIN TRY  --note the following line will not wrap
        RAISERROR ('The trigger: tr_server$allTableDDL_prevent must be disabled
                    before making any table modifications',16,1)
   END TRY
   --using the same old error handling
   BEGIN CATCH
              IF @@trancount > 0
                    ROLLBACK TRANSACTION

              --commented out, build from Chapter 6 if desired
              --EXECUTE dbo.errorLog$insert

              DECLARE @ERROR_MESSAGE varchar(8000)
              SET @ERROR_MESSAGE = ERROR_MESSAGE()
              RAISERROR (@ERROR_MESSAGE,16,1)

     END CATCH
END
GO

CREATE TABLE dbo.test  --dbo for simplicity of example
(
    testId int identity CONSTRAINT PKtest PRIMARY KEY
)

--------------------------------------------------------------------------------------
-- Monitoring and Auditing; DDL Triggers; Recording a DDL Action
--------------------------------------------------------------------------------------
GO
--Note: Slight change in syntax to drop DDL trigger, requires clause indicating
--where the objects are
DROP TRIGGER tr_server$allTableDDL_prevent ON DATABASE
GO

--first create a table to log to
CREATE TABLE dbo.TableChangeLog
(
    TableChangeLogId int identity
        CONSTRAINT pkTableChangeLog PRIMARY KEY (TableChangeLogId),
    ChangeTime      datetime,
    UserName        sysname,
    Ddl             varchar(max)--so we can get as much of the batch as possible
)
GO
--not a schema bound object
CREATE TRIGGER tr_server$allTableDDL
ON DATABASE
AFTER CREATE_TABLE, DROP_TABLE, ALTER_TABLE
AS
 BEGIN
   SET NOCOUNT ON --to avoid the rowcount messages
   SET ROWCOUNT 0 --in case the client has modified the rowcount

   BEGIN TRY

        --we get our data from the EVENT_INSTANCE XML stream
        INSERT INTO dbo.TableChangeLog (ChangeTime, userName, Ddl)
        SELECT getdate(), user,
              EVENTDATA().value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]',
             'nvarchar(max)')

   END TRY
   --using the same old error handling
   BEGIN CATCH
              IF @@trancount > 0
                     ROLLBACK TRANSACTION

              --From Ch6, get code if you want to enable
              --EXECUTE dbo.errorLog$insert

              DECLARE @ERROR_MESSAGE varchar(8000)
              SET @ERROR_MESSAGE = ERROR_MESSAGE()
              RAISERROR (@ERROR_MESSAGE,16,1)

     END CATCH
END

GO

CREATE TABLE dbo.test
(
    id int
)
GO
DROP TABLE dbo.test
GO

SELECT * FROM dbo.TableChangeLog


--------------------------------------------------------------------------------------
-- Monitoring and Auditing; Logging with Profiler
--------------------------------------------------------------------------------------


CREATE PROCEDURE dbo.Server$Watch
as

--note that we have to do some things because these procedures are very picky
--about datatypes.
declare @traceId int, @retval int,
        @stoptime datetime, @maxfilesize bigint, @filecount int
set @maxfilesize = 10 --MB
set @filecount = 20

--creates a trace, placing the file in the root of the server (clearly you should
--change this location to something that fits your own server standards other than
--the root of the c: drive)
exec @retval =  sp_trace_create @traceId = @traceId output,
                     @options = 2, --rollover to a different file
                                   --once max is reached
                     @tracefile = N'c:\trace.trc',
                     @maxfilesize = @maxfilesize,
                     @stoptime = @stoptime,
                     @filecount = 20

--this is because the fourth parameter must be a bit, and the literal 1 thinks it is
--an integer
declare @true bit
set @true = 1

--then we manually add events
exec sp_trace_setevent @traceID, 12, 1, @true
exec sp_trace_setevent @traceID, 12, 6, @true  --12 = sql:batchstarting
                                               --6 = NTUserName
exec sp_trace_setevent @traceID, 12, 7, @true  --12 = sql:batchstarting
                                               --7=NTDomainName
exec sp_trace_setevent @traceID, 12, 11, @true --12 = sql:batchstarting
                                               --11=LoginName
exec sp_trace_setevent @traceID, 12, 14, @true --12 = sql:batchstarting
                                               --14=StartTime

exec sp_trace_setevent @traceID, 13, 1, @true --13 = sql:batchending
                                              -- 1 = textdata
exec sp_trace_setevent @traceID, 13, 6, @true --13 = sql:batchending 
                                              -- 6=NTUserName
exec sp_trace_setevent @traceID, 13, 7, @true --13 = sql:batchending
                                              -- 7=NTDomainName
exec sp_trace_setevent @traceID, 13, 11, @true --13 = sql:batchending 
                                               --11=LoginName
exec sp_trace_setevent @traceID, 13, 14, @true --13 = sql:batchending
                                               --14=StartTime

--and start the trace
exec sp_trace_setstatus @traceId = @traceId, @status = 1 --1 starts it

--this logs that we started the trace to the event viewer
declare @msg varchar(2000)
set @msg = 'logging under trace:' + cast(@traceId as varchar(10)) + ' started'
exec xp_logevent 60000, @msg, 'informational'
GO

exec master..sp_procoption 'dbo.Server$Watch','startup','true'
GO

 

你可能感兴趣的:(Access)

  • 02-Cesium聚合分析EntityCluster完整代码 fxshy htmlcssjavascript
    1.完整代码Document-->-->Cesium.Ion.defaultAccessToken='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhZjZkZDAwZC1mNTFhLTRhOTEtOGExNi00MzRhNGIzMDdlNDQiLCJpZCI6MTA1MTUzLCJpYXQiOjE2NjA4MDg0Njd9.qajeJtc4-kp
  • 03-Cesium自定义着色器完整代码以及注释 fxshy 着色器javascript
    1.效果展示2.完整代码自定义着色器完整代码#map{position:absolute;width:100%;height:100%;top:0;left:0;right:0;bottom:0;}Cesium.Ion.defaultAccessToken='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhZjZkZDAwZC1mNTFhLTRhO
  • mysql学习教程,从入门到精通,TOP 和MySQL LIMIT 子句(15) 知识分享小能手 大数据数据库MySQLmysql学习oracle数据库开发语言adb大数据
    1、TOP和MySQLLIMIT子句内容在SQL中,不同的数据库系统对于限制查询结果的数量有不同的实现方式。TOP关键字主要用于SQLServer和Access数据库中,而LIMIT子句则主要用于MySQL、PostgreSQL(通过LIMIT/OFFSET语法)、SQLite等数据库中。下面将分别详细介绍这两个功能的语法、语句以及案例。1.1、TOP子句(SQLServer和Access)1.1
  • 使用selenium调用firefox提示Profile Missing的问题解决 歪歪的酒壶 selenium测试工具python
    在Ubuntu22.04环境中,使用python3运行selenium提示ProfileMissing,具体信息为:YourFirefoxprofilecannotbeloaded.Itmaybemissingorinaccessible在这个问题的环境中firefox浏览器工作正常。排查中,手动在命令行执行firefox可以打开浏览器,但是出现如下提示Gtk-Message:15:32:09.9
  • 白嫖Gitee实现远程公告功能和小型文件上传下载 xu-jssy Python自动化脚本gitee
    备注:20240527更新:新增私人令牌下载模式一、准备工作1、打开Gitee网站:Gitee.comhttps://gitee.com/2、获取access_token,用于身份验证登录后点击右上角头像,在下拉菜单中进入个人主页点击左边的个人设置点击左边菜单中的安全设置->私人令牌点击右上角生成新令牌根据提示填写信息,点击提交在弹出的页面复制令牌,注意备份保存3、创建一个仓库用来存放文件可以把远
  • Tomcat 中 catalina.out、catalina.log、localhost.log 和 access_log 的区别 金色888
    打开Tomcat安装目录中的log文件夹,我们可以看到很多日志文件,这篇文章就来介绍下这些日记文件的具体区别。catalina.out日志#catalina.out日志文件是Tomcat的标准输出(stdout)和标准出错(stderr)输出的“目的地”。我们在应用里使用System.out打印的内容都会输出到这个日志文件中。另外,如果我们在应用里使用其他的日志框架,配置了向Console输出日志
  • 面试题篇: 跨域问题如何处理(Java和Nginx处理方式) guicai_guojia javanginx开发语言
    1.服务器端解决方案最常见的解决方案是在服务器端配置CORS头。服务器需要在响应中添加适当的Access-Control-Allow-头来允许跨域请求。1.1NGINX配置在NGINX配置中,你可以通过add_header指令来设置CORS头。配置示例:server{  listen80;  server_nameapi.example.com;  location/{    proxy_pass
  • 【网络安全 | 代码审计】JFinal之DenyAccessJsp绕过 秋说 网络安全web安全java代码审计漏洞挖掘
    未经许可,不得转载。文章目录前言代码审计推理绕过Tomcat解析JSP总结概念验证阐发前言JFinal是一个基于Java的轻量级MVC框架,用于快速构建Web应用程序。它的设计理念是追求极简、灵活、高效,旨在提高开发效率,减少冗余代码的编写,适合中小型项目以及对性能有较高要求的项目。在较新的JFinal版本中,默认情况下无法直接通过浏览器地址栏输入.jsp文件名来访问对应的JSP文件。也就是说,主
  • 通过进程Id终止进程 好学松鼠 C++进程C++Windows编程
    #include#include//通过进程ID终止进程BOOLTerminateProcessFromID(DWORDdwID){BOOLbRet=FALSE;//打开进程HANDLEhProcess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwID);if(hProcess!=NULL){//终止进程bRet=::TerminateProcess(hPro
  • 统计/nginx/access.log中每个ip的访问次数,按高到低排列 年薪丰厚 nginx运维
    /nginx/access.log具体内容长这样:第一个元素就是ip。awk'{print$1}'/nginx/access.log|sort|uniq-c|sort-r首先,awk'{print$1}'/nginx/access.log从/nginx/access.log文件的每行中提取出第一个字段。然后,sort对提取出的第一个字段进行排序。接着,uniq-c统计每个唯一的字段出现的次数。最后
  • python数组的基本操作 迟遇3 python开发语言
    一.创建数组arr:list[int]=[0]*8num1:list[int]=[1,5,9,8,6]二.访问元素1.指定访问(通过索引(下标))defrandom_a(nums:list[int])->int:returnnums[2]print(random_a(arr))2.随机访问(会访问不同的元素)defrandom_access(nums:list[int])->int:"""随机访问
  • vue axios跨域访问相关问题 | axios默认发送‘application/x-www-form-urlencoded‘格式数据 | Content-Type is not allowed b 就是爱吃肉ro #Vue&uni-appaxiosajaxcors跨域vuex-www-form-url
    文章目录概述报错1Content-TypeisnotallowedbyAccess-Control-Allow-Headersinpreflightrespon报错2返回状态码500好久没更博客了,最近一直搞框架搞项目,好多问题也都没有记录下来…好吧,那从今天起来,继续开始保持记录的好习惯,先写一下在axios上踩下了这么多坑.概述通过以下两个报错,来介绍解决使用axios来进行网络请求中的遇到的
  • Wi-Fi基础术语 madmanazo Hardware
    AP:accesspoint,即无线接入点,是一个无线网络的创建者,是网络的中心节点;无线路由器就是一个APSTA:station,指每一个连接到无线网络中的终端设备都可以称为一个站点IBSS:IndependentBasicServiceSet,独立基本服务集,IBSS是一种无线拓扑结构,IEEE802.11标准的模式·IBSS模式,又称作独立广播卫星服务,也称为特设模式,是专为点对点连接SSI
  • 通过DBeaver连接Phoenix操作hbase 不想做咸鱼的王富贵
    通过DBeaver连接Phoenix操作hbase前言本文介绍常用一种通用数据库工具Dbeaver,DBeaver可通过JDBC连接到数据库,可以支持几乎所有的数据库产品,包括:MySQL、PostgreSQL、MariaDB、SQLite、Oracle、Db2、SQLServer、Sybase、MSAccess、Teradata、Firebird、Derby等等。商业版本更是可以支持各种NoSQ
  • 物联网之ESP32配网方式、蓝牙、WiFi 智码帮MJ682517 Web前端嵌入式硬件物联网嵌入式硬件物联网web前端
    MENU前言SmartConfig(智能配网)AP模式(AccessPoint模式)蓝牙配网WebServer模式WPS配网(Wi-FiProtectedSetup)Provisioning(配网服务)静态配置(硬编码)总结前言ESP32配网(Wi-Fi配置)的方式有多种,每种方式都有各自的优缺点。根据具体项目需求,可以选择适合的配网方式。SmartConfig(智能配网)原理ESP32通过监听周
  • Hbase - kerberos认证异常 kikiki2
    之前怎么认证都认证不上,问题找了好了,发现它的异常跟实际操作根本就对不上,死马当活马医,当时也是瞎改才好的,给大家伙记录记录。KrbException:ServernotfoundinKerberosdatabase(7)-LOOKING_UP_SERVER>>>KdcAccessibility:removestorm1.starsriver.cnatsun.security.krb5.KrbTg
  • 【HDFS】【HDFS架构】【HDFS Architecture】【架构】 资源存储库 hdfs架构hadoop
    目录1Introduction介绍2AssumptionsandGoals假设和目标HardwareFailure硬件故障StreamingDataAccess流式数据访问LargeDataSets大型数据集SimpleCoherencyModel简单凝聚力模型“MovingComputationisCheaperthanMovingData”“移动计算比移动数据更便宜”PortabilityAc
  • 【Java】已解决:org.springframework.dao.DataAccessException 屿小夏 javaoracle数据库
    文章目录一、分析问题背景二、可能出错的原因三、错误代码示例四、正确代码示例五、注意事项已解决:org.springframework.dao.DataAccessException一、分析问题背景在Spring框架中,org.springframework.dao.DataAccessException是一个常见的异常类型,通常出现在与数据库交互的过程中。当应用程序尝试执行数据库操作(例如查询、插
  • C++ STL概念之 算法 元凌丶 算法c++开发语言
    sortdefault(1)templatevoidsort(RandomAccessIteratorfirst,RandomAccessIteratorlast);custom(2)templatevoidsort(RandomAccessIteratorfirst,RandomAccessIteratorlast,Comparecomp);作用:用于对容器中的元素进行排序。它通常采用快速排序算
  • API 接口应该如何设计?如何保证安全?如何签名?如何防重? 「已注销」 安全SpringBoot安全githubspringspringboot后端
    说明:在实际的业务中,难免会跟第三方系统进行数据的交互与传递,那么如何保证数据在传输过程中的安全呢(防窃取)?除了https的协议之外,能不能加上通用的一套算法以及规范来保证传输的安全性呢?下面我们就来讨论下常用的一些API设计的安全方法,可能不一定是最好的,有更牛逼的实现方式,但是这篇是我自己的经验分享.token简介Token:访问令牌accesstoken,用于接口中,用于标识接口调用者的身
  • 第十三章 trunk扩展及单臂路由 电脑菜鸡 计算机网络第一阶段网络智能路由器
    一.单臂路由:实现不同VLAN之间通信。1.链路类型:Trunk(中继)链路连接交换机和路由器。Access(接入)链路连接交换机和PC机。2.子接口:路由器的物理接口可以划分成多个逻辑子接口。每个子接口对应一个VLAN网段的网关必须配置IP地址并封装指定的vlan3.单臂路由配置命令:intf0/0nosh\\激活主接口intf0/0.10\\创建子接口10(编号自定义)encapsulatio
  • go-etcd实战 小书go golang实战演练golangetcd服务发现服务注册微服务
    etcd简介etcdisastronglyconsistent,distributedkey-valuestorethatprovidesareliablewaytostoredatathatneedstobeaccessedbyadistributedsystemorclusterofmachines.Itgracefullyhandlesleaderelectionsduringnetwork
  • VBA程序xlsm文件另存xlsx不能保存的问题 文剑至秦 编程excel
    表达式.SaveAs(FileName,FileFormat,Password,WriteResPassword,ReadOnlyRecommended,CreateBackup,AccessMode,ConflictResolution,AddToMru,TextCodepage,TextVisualLayout,Local)1.首先看看FileFormat可选Variant保存文件时使用的文件
  • 只需一招,Word无损转Excel再转回Word 潮办公
    word里面可以插入表格,可以粘贴表格。但是如果后期要修改,数据要重新处理的时候,用word就不方便了。毕竟小编一直认为,word编辑文字,excel数据处理,ppt幻灯片演示,Access数据储存,这才是真正的office正确打开方式。废话不多说,我们这节来谈谈将word下的表格无损格式的情况下变成Excel,经过一定的数据处理后再变回来。Part1将word另存为html网页文件示例文件,这是
  • Spring Boot 2.0 解决跨域问题:WebMvcConfiguration implements WebMvcConfigurer 令狐少侠2011 spring前端springbootjava后端
    WhenallowCredentialsistrue,allowedOriginscannotcontainthespecialvalue“*“sincethatcannotWhenallowCredentialsistrue,allowedOriginscannotcontainthespecialvalue"*"sincethatcannotbesetonthe“Access-Control-
  • RAM(随机存取存储器)都有哪些?(超详细) 嵌入式-JY老师 嵌入式工程师c语言硬件架构智能硬件嵌入式硬件
    目录RAM的特点RAM的类型1.SRAM(静态随机存取存储器)2.DRAM(动态随机存取存储器)3.SDRAM(同步动态随机存取存储器)4.DDRSDRAM(双倍数据速率同步动态随机存取存储器)5.RDRAM(Rambus动态随机存取存储器)6.VRAM(视频随机存取存储器)7.MRAM(磁阻随机存取存储器)8.FeRAM(铁电随机存取存储器)RAM(RandomAccessMemory,随机存取
  • stm32 RTC guanjianhe
    #include"stm32f10x.h"staticvoidRTC_Configuration(void){/*使能PWR和Backup时钟*/RCC_APB1PeriphClockCmd(RCC_APB1Periph_PWR|RCC_APB1Periph_BKP,ENABLE);/*允许访问Backup区域*/PWR_BackupAccessCmd(ENABLE);/*复位Backup区域*/
  • Spring Cloud云架构 - SSO单点登录之OAuth2.0 根据token获取用户信息(4) 初夏_91fb
    上一篇我根据框架中OAuth2.0的使用总结,画了SSO单点登录之OAuth2.0登出流程,今天我们看一下根据用户token获取yoghurt信息的流程:image/***根据token获取用户信息*@paramaccessToken*@return*@throwsException*/@RequestMapping(value="/user/token/{accesstoken}",method
  • 分布式中间件-redis相关概念介绍 问道飞鱼 分布式技术分布式中间件redis
    文章目录什么是redis?示意图Redis的主要特点Redis的主要用途Redis的工作原理Redis的持久化与备份redis6.x新增特性多线程数据加载客户端缓存新的RESP3协议支持ACL(AccessControlList)功能`新增数据类型`性能改进配置文件的改进其他改进redis数据类型有哪些?redis部署模式有哪些?redis常见问题缓存击穿(CacheStampede)缓存雪崩(C
  • 树形列表成员- DevExpress.XtraTreeList.TreeList lihaidomain
    多列控制节点(记录)在树形结构中的显示位置。公共构造函数名称描述树形列表初始化一个新的树形列表类实例。公共属性名称描述AccessibilityObject(从System.Windows.Forms.Control的继承)AccessibleDefaultActionDescription(从System.Windows.Forms.Control的继承)AccessibleDescriptio
  • Java实现的简单双向Map,支持重复Value superlxw1234 java双向map
    关键字:Java双向Map、DualHashBidiMap     有个需求,需要根据即时修改Map结构中的Value值,比如,将Map中所有value=V1的记录改成value=V2,key保持不变。   数据量比较大,遍历Map性能太差,这就需要根据Value先找到Key,然后去修改。   即:既要根据Key找Value,又要根据Value
  • PL/SQL触发器基础及例子 百合不是茶 oracle数据库触发器PL/SQL编程
      触发器的简介; 触发器的定义就是说某个条件成立的时候,触发器里面所定义的语句就会被自动的执行。因此触发器不需要人为的去调用,也不能调用。触发器和过程函数类似 过程函数必须要调用,   一个表中最多只能有12个触发器类型的,触发器和过程函数相似 触发器不需要调用直接执行, 触发时间:指明触发器何时执行,该值可取: before:表示在数据库动作之前触发
  • [时空与探索]穿越时空的一些问题 comsci 问题
          我们还没有进行过任何数学形式上的证明,仅仅是一个猜想.....       这个猜想就是; 任何有质量的物体(哪怕只有一微克)都不可能穿越时空,该物体强行穿越时空的时候,物体的质量会与时空粒子产生反应,物体会变成暗物质,也就是说,任何物体穿越时空会变成暗物质..(暗物质就我的理
  • easy ui datagrid上移下移一行 商人shang js上移下移easyuidatagrid
    /** * 向上移动一行 * * @param dg * @param row */ function moveupRow(dg, row) { var datagrid = $(dg); var index = datagrid.datagrid("getRowIndex", row); if (isFirstRow(dg, row)) {
  • Java反射 oloz 反射
    本人菜鸟,今天恰好有时间,写写博客,总结复习一下java反射方面的知识,欢迎大家探讨交流学习指教 首先看看java中的Class package demo; public class ClassTest { /*先了解java中的Class*/ public static void main(String[] args) { //任何一个类都
  • springMVC 使用JSR-303 Validation验证 杨白白 springmvc
    JSR-303是一个数据验证的规范,但是spring并没有对其进行实现,Hibernate Validator是实现了这一规范的,通过此这个实现来讲SpringMVC对JSR-303的支持。 JSR-303的校验是基于注解的,首先要把这些注解标记在需要验证的实体类的属性上或是其对应的get方法上。 登录需要验证类 public class Login { @NotEmpty
  • log4j 香水浓 log4j
    log4j.rootCategory=DEBUG, STDOUT, DAILYFILE, HTML, DATABASE #log4j.rootCategory=DEBUG, STDOUT, DAILYFILE, ROLLINGFILE, HTML #console log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender log4
  • 使用ajax和history.pushState无刷新改变页面URL agevs jquery框架Ajaxhtml5chrome
    表现 如果你使用chrome或者firefox等浏览器访问本博客、github.com、plus.google.com等网站时,细心的你会发现页面之间的点击是通过ajax异步请求的,同时页面的URL发生了了改变。并且能够很好的支持浏览器前进和后退。 是什么有这么强大的功能呢? HTML5里引用了新的API,history.pushState和history.replaceState,就是通过
  • centos中文乱码 AILIKES centosOSssh
    一、CentOS系统访问 g.cn ,发现中文乱码。 于是用以前的方式:yum -y install fonts-chinese CentOS系统安装后,还是不能显示中文字体。我使用 gedit 编辑源码,其中文注释也为乱码。       后来,终于找到以下方法可以解决,需要两个中文支持的包: fonts-chinese-3.02-12.
  • 触发器 baalwolf 触发器
    触发器(trigger):监视某种情况,并触发某种操作。 触发器创建语法四要素:1.监视地点(table) 2.监视事件(insert/update/delete) 3.触发时间(after/before) 4.触发事件(insert/update/delete) 语法: create trigger triggerName after/before 
  • JS正则表达式的i m g bijian1013 JavaScript正则表达式
            g:表示全局(global)模式,即模式将被应用于所有字符串,而非在发现第一个匹配项时立即停止。         i:表示不区分大小写(case-insensitive)模式,即在确定匹配项时忽略模式与字符串的大小写。         m:表示
  • HTML5模式和Hashbang模式 bijian1013 JavaScriptAngularJSHashbang模式HTML5模式
            我们可以用$locationProvider来配置$location服务(可以采用注入的方式,就像AngularJS中其他所有东西一样)。这里provider的两个参数很有意思,介绍如下。 html5Mode         一个布尔值,标识$location服务是否运行在HTML5模式下。 ha
  • [Maven学习笔记六]Maven生命周期 bit1129 maven
    从mvn test的输出开始说起   当我们在user-core中执行mvn test时,执行的输出如下:   /software/devsoftware/jdk1.7.0_55/bin/java -Dmaven.home=/software/devsoftware/apache-maven-3.2.1 -Dclassworlds.conf=/software/devs
  • 【Hadoop七】基于Yarn的Hadoop Map Reduce容错 bit1129 hadoop
    运行于Yarn的Map Reduce作业,可能发生失败的点包括 Task Failure Application Master Failure Node Manager Failure Resource Manager Failure 1. Task Failure 任务执行过程中产生的异常和JVM的意外终止会汇报给Application Master。僵死的任务也会被A
  • 记一次数据推送的异常解决端口解决 ronin47 记一次数据推送的异常解决
       需求:从db获取数据然后推送到B         程序开发完成,上jboss,刚开始报了很多错,逐一解决,可最后显示连接不到数据库。机房的同事说可以ping 通。     自已画了个图,逐一排除,把linux 防火墙 和 setenforce 设置最低。    service iptables stop
  • 巧用视错觉-UI更有趣 brotherlamp UIui视频ui教程ui自学ui资料
    我们每个人在生活中都曾感受过视错觉(optical illusion)的魅力。 视错觉现象是双眼跟我们开的一个玩笑,而我们往往还心甘情愿地接受我们看到的假象。其实不止如此,视觉错现象的背后还有一个重要的科学原理——格式塔原理。 格式塔原理解释了人们如何以视觉方式感觉物体,以及图像的结构,视角,大小等要素是如何影响我们的视觉的。 在下面这篇文章中,我们首先会简单介绍一下格式塔原理中的基本概念,
  • 线段树-poj1177-N个矩形求边长(离散化+扫描线) bylijinnan 数据结构算法线段树
    package com.ljn.base; import java.util.Arrays; import java.util.Comparator; import java.util.Set; import java.util.TreeSet; /** * POJ 1177 (线段树+离散化+扫描线),题目链接为http://poj.org/problem?id=1177
  • HTTP协议详解 chicony http协议
    引言                                 
  • Scala设计模式 chenchao051 设计模式scala
    Scala设计模式                我的话: 在国外网站上看到一篇文章,里面详细描述了很多设计模式,并且用Java及Scala两种语言描述,清晰的让我们看到各种常规的设计模式,在Scala中是如何在语言特性层面直接支持的。基于文章很nice,我利用今天的空闲时间将其翻译,希望大家能一起学习,讨论。翻译
  • 安装mysql daizj mysql安装
    安装mysql   (1)删除linux上已经安装的mysql相关库信息。rpm  -e  xxxxxxx   --nodeps (强制删除)      执行命令rpm -qa |grep mysql 检查是否删除干净   (2)执行命令  rpm -i MySQL-server-5.5.31-2.el
  • HTTP状态码大全 dcj3sjt126com http状态码
    完整的 HTTP 1.1规范说明书来自于RFC 2616,你可以在http://www.talentdigger.cn/home/link.php?url=d3d3LnJmYy1lZGl0b3Iub3JnLw%3D%3D在线查阅。HTTP 1.1的状态码被标记为新特性,因为许多浏览器只支持 HTTP 1.0。你应只把状态码发送给支持 HTTP 1.1的客户端,支持协议版本可以通过调用request
  • asihttprequest上传图片 dcj3sjt126com ASIHTTPRequest
    NSURL *url =@"yourURL"; ASIFormDataRequest*currentRequest =[ASIFormDataRequest requestWithURL:url]; [currentRequest setPostFormat:ASIMultipartFormDataPostFormat];[currentRequest se
  • C语言中,关键字static的作用 e200702084 C++cC#
    在C语言中,关键字static有三个明显的作用: 1)在函数体,局部的static变量。生存期为程序的整个生命周期,(它存活多长时间);作用域却在函数体内(它在什么地方能被访问(空间))。 一个被声明为静态的变量在这一函数被调用过程中维持其值不变。因为它分配在静态存储区,函数调用结束后并不释放单元,但是在其它的作用域的无法访问。当再次调用这个函数时,这个局部的静态变量还存活,而且用在它的访
  • win7/8使用curl geeksun win7
    1.  WIN7/8下要使用curl,需要下载curl-7.20.0-win64-ssl-sspi.zip和Win64OpenSSL_Light-1_0_2d.exe。 下载地址:  http://curl.haxx.se/download.html 请选择不带SSL的版本,否则还需要安装SSL的支持包   2.  可以给Windows增加c
  • Creating a Shared Repository; Users Sharing The Repository hongtoushizi git
    转载自:   http://www.gitguys.com/topics/creating-a-shared-repository-users-sharing-the-repository/ Commands discussed in this section: git init –bare git clone git remote git pull git p
  • Java实现字符串反转的8种或9种方法 Josh_Persistence 异或反转递归反转二分交换反转java字符串反转栈反转
    注:对于第7种使用异或的方式来实现字符串的反转,如果不太看得明白的,可以参照另一篇博客: http://josh-persistence.iteye.com/blog/2205768   /** * */ package com.wsheng.aggregator.algorithm.string; import java.util.Stack; /**
  • 代码实现任意容量倒水问题 home198979 PHP算法倒水
    形象化设计模式实战             HELLO!架构                     redis命令源码解析   倒水问题:有两个杯子,一个A升,一个B升,水有无限多,现要求利用这两杯子装C
  • Druid datasource zhb8015 druid
    推荐大家使用数据库连接池 DruidDataSource. http://code.alibabatech.com/wiki/display/Druid/DruidDataSource DruidDataSource经过阿里巴巴数百个应用一年多生产环境运行验证,稳定可靠。 它最重要的特点是:监控、扩展和性能。 下载和Maven配置看这里: http
  • 两种启动监听器ApplicationListener和ServletContextListener spjich javaspring框架
    引言:有时候需要在项目初始化的时候进行一系列工作,比如初始化一个线程池,初始化配置文件,初始化缓存等等,这时候就需要用到启动监听器,下面分别介绍一下两种常用的项目启动监听器   ServletContextListener  特点: 依赖于sevlet容器,需要配置web.xml 使用方法: public class StartListener implements
  • JavaScript Rounding Methods of the Math object 何不笑 JavaScriptMath
        The next group of methods has to do with rounding decimal values into integers. Three methods — Math.ceil(),  Math.floor(), and  Math.round() — handle rounding in differen
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他