I am having a very strange problem and am hoping someone out there has had a similar experience.
My companies application for one client is getting "banned" from the SQL Server at the beginning of our application. The behavior is strange. I'll write it out in point form.
SQL Connections are created, data is retrieved, the connections are closed, talk to another datasource and then denied access to SQL Server.
Here's the long winded version:
.NET application connects to database multiple times. Gets some data, does some work. It then goes to get some more data and then gets an error that the "SQL Server cannot be found or access is denied". If the process is started over again without re-starting the app then no more connections are able to be made to SQL Server. All new connections result in "SQL Server cannot be found or access is denied". If the application is restarted then it will repeat the above process.
This is the first in 5 years of my experience with the software to have this problem. The application does have code written in Delphi 7. The dephi 7 / VBA code has not issues. My .NET code that performs the actual query looks like:
protected abstract DbConnection GetConnection();
protected abstract DbDataAdapter GetDataAdapter(DbCommand cmd);
protected abstract DbCommand GetCommand(DbConnection conn, String sql);
protected abstract DbCommandBuilder GetCommandBuilder(DbDataAdapter adapter);
public virtual DataTable Query(string sql)
{
var dt = new DataTable();
using (var conn = GetConnection())
{
try
{
using (var cmd = GetCommand(conn, sql))
{
using (var adapter = GetDataAdapter(cmd))
{
adapter.Fill(dt);
}
}
}
catch (Exception ex)
{
throw new SqlStatementException(sql, ex);
}
}
return dt;
}
It is my own quite and dirty DAL. When it is used it is using an OleDbConnection.
Note: Due to legacy code the connection string is configured for OleDbConnection. After taking a moment to review my code I do have the ability to change the connection type to SqlConnection. I haven't tried that yet.
On the client's machine I have not been able to reproduce the issue outside of the main application. I tried creating a little app that would make 100 calls back to back using the format above with an OleDbConnection but it executed successfully.
The failure in the main app happens in the same spot. That should give me a clue except I cannot make sense of it since it is making duplicate query, getting the same data. But I will say that the application talks to two data sources and transfers data from one to the other. Before it does the transfer it does some validation on the sources. So it talks to another database (proprietary file based) via ODBC and comes back successfully and then fails when trying to talk to SQL Server through OleDbConnection.
My suspicion is something is happening in the connection pool. That is causing a failure which in turns causes a denial of access.
Other interesting points. All worked fine for about a year, client got a new machine a couple of months ago, all work fine and then suddenly stopped. I put the application on another machine at the client's site and all worked well for a week and then the same issue appeared. We turned everything off on the client's machine but the issue persisted. I thought firewall but no luck there.
Any assistance is greatly appreciated.
Was gonna put this in a comment, but it got too big :-)
I see your connection-creating methods are abstract. This of course means that derivatives can do all sorts of bad things when they create the connection. I'd look there first.
One thing I found in a similar situation...if you're doing something in the code that creates the connection that makes the connection string unique, you won't be reusing those pooled connections. So...doing something like adding an "App=MyApp" + an incrementing number, date/time, or guid, it will destroy your ability to use pooled connections. When this happened to me, it took me forever to figure it out.
If your application was "slow enough" in the past, such that "old" pooled connections fall out of the pool, you might never see a problem...but then, say a customer gets hot new hardware...and blam...weird errors from nowhere! This might not be what's happening to you, but maybe it will give you some ideas about where to look. Good luck!
Related
I've been trying to get some initial code working before I start working on my app.
I have had this working maybe a year ago so something tells me there is an update/version issue.
But any help is good so.
I have a raspberry pi set up with apache, MariaDB, php etc etc. I have a simple webpage running so apache is fine, I have another webpage that pulls data from a table so MariaDB is fine (fine-ish, given my issue). I have myphpadmin set up and can log in create new db's and users etc.
Now I would like to have a UWP app interact with a db hosted on my pi. I created a new user with SELECT and INSERT only for a specific db (hopefully this reduces security issues but I'm new so maybe I'm wishing).
I also then found the mariadb config file and commented the bind-address line. The skip-networking line is no longer in the file so just ignored that. (this is what the docs say to allow remote connections).
I have opened port 3306 on my router, and I also have a domain name and use no-ip but I assume this is all fine as apache runs fine. Saw someone talking about SSH, I changed my ssh port but I don't think that would be the issue.
Then the UWP.
Last time I tried this I had to use MySQL Connector Net 6.7.9 as newer versions didn't work with RT. So I have added this to the project references.
Now for simple testing the connection I have a button and TextBlock, click the button to attempt connecting and output the exception/result.
Have tried conn string builder as well as just a straight forward string, neither work.
private void ConnectDatabase_Click(object sender, RoutedEventArgs e)
{
string ConnString;
MySqlConnection Conn;
MySqlConnectionStringBuilder Csb = new MySqlConnectionStringBuilder();
Csb.Server = "http://rnd-domain.me";
Csb.Port = 3306;
Csb.UserID = "usr";
Csb.Password = "passwd";
Csb.Database = "testdb";
ConnString = "server=http://rnd-domain.me;database=testdb;uid=usr;pwd=passwd;";
Conn = new MySqlConnection(ConnString);
try
{
Conn.Open();
DbUpdateText.Text = "connected";
Conn.Close();
}
catch(Exception ex)
{
DbUpdateText.Text = ex.Message;
}
}
When I click the button the ex.Message is 'Unable to connect to any of the specified MySQL hosts.'.
There are no errors thrown with the app, just this unhelpful message.
I've googled this and wasted 80% of my sunday trying to get this working. I've added sslmode=none, charset=utf8, port=3306. I tried using server=localhost or using my current ip and even using my mariadb master user (not root).
What could be the issue?
Thanks.
Edit:
I just used the pi's internal IP and got a new ex.Message, understood this one about SSl, added sslmode=none and all is working.
So now its just getting around the domain name issue?
Your connection string isn't quite right.
You probably want this:
server=rnd-domain.me;database=testdb;uid=usr;pwd=REDACTED;
It doesn't make sense to mention http:// in a MySQL connection string, because the connection doesn't use the HTTP protocol. Rather it uses the MySQL protocol.
The issue was using a pc (client) and raspi (server) both inside the home network.
When I changed the host to the internal IP of the raspi it all worked fine.
I am currently trying to do something that should be simple and straight-forward - connect to a database server, run a query, see if I get anything back and if so send it back to the user. This is the code I'm using to do it:
MySqlDataReader reader = MySqlHeaper.ExecuteReader(connectionString, $"SELECT * FROM table WHERE insertDateTime > '{DateTime.Now.AddSeconds(-1800).ToString("yyyy-MM-ddTHH:mm:ss")}'";
I have also tried this with a MySqlCommand and MySqlConnection object pair, and either way the result is the same - it takes approximately 7100ms to connect to the MySql server. I know that sounds like a problem that should be on ServerFault, but my testing tells me otherwise. When I use the command line MySql client to connect to my database server using exactly the same credentials and run exactly the same query I get my connection established and my data back in nothing flat. I don't know at this stage if it's a server setting or not, but here's what I've tried so far:
Rebooting the server
Restarting the MySQL server
Setting the skip_name_resolve setting to 1 in order to prevent reverse name lookups on connect
Using alternative means of querying the server (mysql command line client and MySQL Workbench)
Opening all AWS IAM permissions on the RDS instance to allow everything from the server
Nothing seems to be making any difference, so I'm at a loss to explain this terrible performance. It's also only happening when I open the connection. Running queries, inserts, what have you is lightning fast. Any suggestions anyone might have would be most helpful.
I would not expect IAM permissions to have any impact on performance. I would expect them to be either successful or not successful.
I would execute some diagnostic protocols to get more information.
1) Try a subsequent query, to see if it is an issue with the stack being initialized. Are subsequent queries faster?
2) Try a query that is just an identity query. Something that doesn't require any sort of IO.
3) Try a query from a different platform (maybe a scripting language like ruby or php)
Once you answer those it should help you narrow it down.
This is most likely caused by Connector/NET executing a slow WMI query to query connection attributes when opening the connection; this is logged as MySQL bug 80030.
As far as I know, this isn't fixed in newer versions of the driver, but you can work around it by switching to MySqlConnector, an OSS MySQL ADO.NET library.
While i've been debugging my code, I've been writing the output to the console so that I can monitor the errors and sql output. Naturally to protect against sql injection I have parameterised the queries where needed. After reading some articles online regarding the methods by which some injection attacking programs work, I now question whether the below practice is a good idea anymore.
Consider the following method.
public void MyQuery(int item_id)
{
string sql = "SELECT * FROM table WHERE item_id = #id";
SqlCommand sqlQuery = new SqlCommand(sql,conn);
sqlQuery.Parameters.Add("#id", SqlDbType.Int).Value = item_id;
try
{
conn.Open();
sqlQuery.ExecuteNonQuery();
conn.Close();
}
catch (SqlException ex)
{
Console.WriteLine(sql);
Console.WriteLine(ex.Message);
}
}
on my dev machine the console output is fine - no risk here. But if i were to leave the code as it is now when the application was live, would that potentially open up other avenues to exploit?
Im aware that if i were to have done MessageBox.Show(ex.Message); that would certainly be bad due to it being in your face.
You're deploying a WinForms application that connects to a SQL Server with credentials that apparently allow the application to write to that SQL Server.
Leaking SQL errors to the console is the least of your worries.
A malicious user can simply use the credentials used by your application to execute arbitrary SQL on that server.
Anything you deploy on a client machine must be considered insecure. Leaking queries is not the problem (the user could decompile your application or check its resources and inspect the SQL strings), the problem is that the client has a direct database connection.
If you want to prevent the client to know where the database is, what its credentials are and what queries your application executes, you must remove all this code from your application, and let the database stuff happen on a different machine altogether. You can then talk to this machine through a web service, for example.
Then the web service handles authentication, and refuses to execute any action for a user that isn't authenticated.
Recently our QA team reported a very interesting bug in one of our applications. Our application is a C# .Net 3.5 SP1 based application interacting with a SQL Server 2005 Express Edition database.
By design the application is developed to detect database offline scenarios and if so to wait until the database is online (by retrying to connect in a timely manner) and once online, reconnect and resume functionality.
What our QA team did was, while the application is retrieving a bulk of data from the database, stop the database server, wait for a while and restart the database. Once the database restarts the application reconnects to the database without any issues but it started to continuously report the exception "Could not find prepared statement with handle x" (x is some number).
Our application is using prepared statements and it is already designed to call the Prepare() method again on all the SqlCommand objects when the application reconnects to the database. For example,
At application startup,
SqlCommand _commandA = connection.CreateCommand();
_commandA.CommandText = #"SELECT COMPANYNAME FROM TBCOMPANY WHERE ID = #ID";
_commandA.CommandType = CommandType.Text;
SqlParameter _paramA = _commandA.CreateParameter();
_paramA.ParameterName = "#ID";
_paramA.SqlDbType = SqlDbType.Int;
_paramA.Direction = ParameterDirection.Input;
_paramA.Size = 0;
_commandA.Parameters.Add(_paramA);
_commandA.Prepare();
After that we use ExceuteReader() on this _commandA with different #ID parameter values in each cycle of the application.
Once the application detects the database going offline and coming back online, upon reconnect to the database the application only executes,
_commandA.Prepare();
Two more strange things we noticed.
1. The above situation on happens with CommandType.Text type commands in the code. Our application also uses the same exact logic to invoke stored procedures but we never get this issue with stored procedures.
2. Up to now we were unable to reproduce this issue no matter how many different ways we try it in the Debug mode in Visual Studio.
Thanks in advance..
I think with almost 3 days of asking the question and close to 20 views of the question and 1 answer, I have to conclude that this is not a scenario that we can handle in the way we have tried with SQL server.
The best way to mitigate this issue in your application is to re-create the SqlCommand object instance again once the application detects that the database is online.
We did the change in our application and our QA team is happy about this modification since it provided the best (or maybe the only) fix for the issue they reported.
A final thanks to everyone who viewed and answered the question.
The server caches the query plan when you call 'command.Prepare'. The error indicates that it cannot find this cached query plan when you invoke 'Prepare' again. Try creating a new 'SqlCommand' instance and invoking the query on it. I've experienced this exception before and it fixes itself when the server refreshes the cache. I doubt there is anything that can be done programmatically on the client side, to fix this.
This is not necessarily related exactly to your problem but I'm posting this as I have spent a couple of days trying to fix the same error message in my application. We have a Java application using a C3P0 connection pool, JTDS driver, connecting to a SQL Server database.
We had disabled statement caching in our the C3P0 connection pool, but had not done this on the driver level. Adding maxStatements=0 to our connection URL stopped the driver caching statements, and fixed the error.
I am working on an ASP.NET 2.0 website. The issue that I'm having is that it queries a database to get the info it displays on screen, but the database occasionally gets to where it has too many open connections. This causes the website to reject the attempt to log-in for anyone, after that database error.
This is caused because many users will log-in, do what they need to do, but then leave the website running while they do other things without logging out. It will time out on them, but the connection still seems to be open. We then have to contact the person in charge of the server it's running on and have him reset it for us.
I have looked and all connections made to the database seem to be closed after the request and query is made. So, what I want to do is to add a button that when clicked will reset the website, instead of having to call the guy in charge of the server every time. Then we can reset it whenever we need to. So, how do I reset an ASP.NET 2.0 website with a button on one of the pages inside the site?
Many thanks,
Mike
all connections made to the database seem to be closed after the request
The problem here is the word "seem". For example, this code "seems" like it will close the connection, but in some situations it won't:
var conn = new SqlConnection("MyConnection");
var cmd = new SqlCommand("query string here", conn);
cmd.ExecuteNonQuery();
conn.Close():
I can hear you saying, "Of course it closes the connection. Don't you see the 'conn.Close();' line?" The problem is that there are things that can happen that prevent the conn.Close() line from executing.
Instead, you need to do something like this:
using (var conn = new SqlConnection("MyConnection"))
using (var cmd = new SqlCommand("query string here", conn))
{
cmd.ExecuteNonQuery();
}
That code will always close the connection.
If you're really serious about "resetting" the application, you might try calling Environment.Exit(), but again: this is a bad idea.
I don't think adding a button to reset the website is the correct choice.
You should really look into why the connections aren't closing.
If you're using SqlConnections, then wrap them in a using statement, this will dispose of the connection after you're finished.
Here's an example:
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
// Do work here; connection closed on following line.
}
To answer your actual question, the easiest way to reset a ASP.NET site is to just modify the web.config which will cause the site to reload.
So if I wanted to implement a button all I would do is set a value in the app settings that is meaningless (perhaps a date time of the last reset) and then use ConfigurationManager to save the changes.
MSDN reference: ConfigurationManager Class