stackoom
  简体   繁体   中英

How can I create a database on my server from the web?

 原文  2009-03-23 19:58:04       asp.net/ sql-server

Question

I have an admin account for my website where I add new clients. When a new client is added, they get an account and their own database.

The problem is I can't create new databases on my server from my admin account. When running it locally, I can add a database locally. But, when I try adding to the server running my website off the server, I get

CREATE DATABASE permission denied in database 'master'.

I've been able to add the database (locally) a few ways. This is one of the simpler working versions:

tmpConn.ConnectionString = "Data Source=.\\SQLEXPRESS; DATABASE = master;Integrated Security=True;";
sqlCreateDBQuery = " CREATE DATABASE " + dbname;

SqlCommand myCommand = new SqlCommand(sqlCreateDBQuery, tmpConn);
try
{
    tmpConn.Open();
    myCommand.ExecuteNonQuery();

}
catch (System.Exception ex)
{}

5 answers

solution1
 3  2009-03-23 20:45:31

I suspect that whatever account you're using to connect to Sql Server doesn't have permissions to CREATE DATABASE. You're probably using Integrated Security, which would use Network Service/ASP.NET to connect to MSSQL. You need to create a new connection string that uses Sql Authentication with sa (or another sysadmin) credentials.

Oh - and this would work locally because you're running it under Visual Studio's WebDev.exe which is run with your local user account - which is probably set up as a sysadmin in MSSQL.

solution2
 0  

You should contact your service provider. (Or the maintainer of the server).

solution3
 0  2009-03-23 20:21:05

You need create database and create database user permissions. Your service provider should be able to facilitate this.

solution4
 0  2009-03-23 20:35:55

Something else no one has suggested is what kind of validation you are doing on the dbname value. Are you sure there are no spaces in it? That it's not a reserved word? That it doesn't contain malicious code? At very least you should encase it in brackets:

sqlCreateDBQuery = String.Format(" CREATE DATABASE [{0}]", dbname);

I really hope you aren't allowing the user to type this name directly into a textbox somewhere. Even if you use property security on the initial input and this is pulled back from a common "clients" db of some kind, you might be setting yourself up for a 2nd order Sql Injection vulnerability.

After you've addressed that, we can look at the error message here. In this case, the problem is that your web user does not have appropriate CREATE permissions. You need to correct that and it should allow you to proceed. You probably want to reserve a special account for this that you switch to just at this time, so your application doesn't normally run in a context that would allow this kind of action.

solution5
 -1  2009-03-23 20:20:59

Check the permissions for MySQL: Does your admin account have different settings for a local connection versus any host?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I deliver an an encrypted file from my web server? How can I test multiple web requests to my web server? .NET Web Core 5 API - How can I consume Kafka messages from my Linux server? How can I create an Entity, add it to my database context, and return its attributes from another Controller? How can I log user name when SQL Server database on different server than web server? How can I access a database from a web page in Visual Studio? how can i send an image to stimulsoft web report from database How can I change connection strings for database in my web.config that have database name based on Login_User table from LOGIN database How do I create a table in SQL server database in asp.net web application project How can I code my web app so that it knows what web server it's on?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM