如何将 activerecord-sqlserver-adapter 与 TinyTDS * 和 * Windows 上的集成安全连接一起使用 * 无需* 以纯文本格式保存密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7655312/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to use activerecord-sqlserver-adapter with TinyTDS *and* an Integrated Security connection on Windows *without* saving a password in plain text
提问by Russell B
I'm trying to use Rails 3.1. with the activerecord-sqlserver-adapter (3.1.1) and tiny_tds (0.4.5) on a Windows machine. In reading about TinyTDS and it's use of FreeTDS it looks like I can use Integrated Security (aka Windows Integrated security/NTLM) by putting a domain-qualified name as the user name (e.g. DOMAIN\userbob). Butthe docs still want me to type my domain user's password in the database.yml file. That's bad practice because it's insecure and doesn't take advantage of single-sign on, which is part of the point for Integrated Security.
我正在尝试使用 Rails 3.1。在 Windows 机器上使用 activerecord-sqlserver-adapter (3.1.1) 和 tiny_tds (0.4.5)。在阅读有关 TinyTDS 及其对 FreeTDS 的使用时,看起来我可以通过将域限定名称作为用户名(例如 DOMAIN\userbob)来使用集成安全性(又名 Windows 集成安全性/NTLM)。 但是文档仍然希望我在 database.yml 文件中输入域用户的密码。这是不好的做法,因为它不安全,并且没有利用单点登录,这是集成安全性的一部分。
Can I connect without saving a password in plain text in a file? e.g.
我可以在不将密码以纯文本形式保存在文件中的情况下进行连接吗?例如
developement:
adapter: sqlserver
mode: dblib
dataserver: localhost
database: dev_db
username: DOMAIN\userbob
# password: no_no_please_dont_make_me_type_it_here
But, even if I put a password I get the following error:
但是,即使我输入了密码,也会出现以下错误:
TinyTds::Error: Unable to connect: Adaptive Server is unavailable or does not exist
from C:/Ruby192/lib/ruby/gems/1.9.1/gems/tiny_tds-0.4.5-x86-mingw32/lib/tiny_tds/client.rb:60:in `connect'
from C:/Ruby192/lib/ruby/gems/1.9.1/gems/tiny_tds-0.4.5-x86-mingw32/lib/tiny_tds/client.rb:60:in `initialize'
I know my server is running and the current user context can connect because this works:
我知道我的服务器正在运行并且当前用户上下文可以连接,因为它有效:
sqlcmd -S localhost -d dev_db -E
Any insights? Is it possible? If not, it shouldbe.
任何见解?是否可以?如果没有,它应该是。
回答by Ketan
Enable TCP/IP in "SQL Server Network Configuration" in SQL Server Configuration Manager utility. Then restart SQL Server service.
在 SQL Server 配置管理器实用程序的“SQL Server 网络配置”中启用 TCP/IP。然后重新启动 SQL Server 服务。
Regarding security you will need to supply your own credentials otherwise it will use sa account.
关于安全性,您需要提供自己的凭据,否则它将使用 sa 帐户。
回答by Jason
Apparently SQL Server 2008 is setup by default to ONLY allow Windows Authentication. To change that you have to open the Management Studio, Right click on your server and select Properties. Select Security and click the "SQL Server and Windows Authentication mode" under Server authentication. This will at least allow you to connect directly to the server until TinyTDS makes the needed changes to allow Windows Authentication.
显然,SQL Server 2008 默认设置为仅允许 Windows 身份验证。要更改您必须打开 Management Studio,右键单击您的服务器并选择属性。选择“安全”,然后单击“服务器身份验证”下的“SQL Server 和 Windows 身份验证模式”。这至少将允许您直接连接到服务器,直到 TinyTDS 进行所需的更改以允许 Windows 身份验证。
回答by Stephen Turner
I think the code making the connection is trying to make the process impersonate the security context supplied by the credentials instead of passing the default credentials through to SQL server.
我认为建立连接的代码试图让进程模拟凭据提供的安全上下文,而不是将默认凭据传递给 SQL 服务器。
This would allow you to specify different credentials to the current security context. I've used this trick to connect to a server requiring SSIS from an untrusted domain.
这将允许您为当前安全上下文指定不同的凭据。我使用这个技巧从不受信任的域连接到需要 SSIS 的服务器。
I don't know TinyTDS/FreeTDS, perhaps null or empty credentials would make it use the default security context. Try:
我不知道 TinyTDS/FreeTDS,也许 null 或空凭据会使其使用默认安全上下文。尝试:
developement:
adapter: sqlserver
mode: dblib
dataserver: localhost
database: dev_db
or
或者
developement:
adapter: sqlserver
mode: dblib
dataserver: localhost
database: dev_db
username:
password:
回答by byCoder
Try to use
尝试使用
developement:
adapter: sqlserver
mode: dblib
dataserver: localhost\SQLEXPRESS
database: dev_db
username: DOMAIN\userbob
or else do you set 2 variant authentificationin your's sql server? then try to connect with sa user...
或者你是否在你的 sql server 中设置了 2 个变体身份验证?然后尝试与sa用户连接...
