SQL SERVER – How to Hide Yourself from SQL Server? – Guest Post by Balmukund Lakhani

Balmukund Lakhani (Blog | Twitter | Site) is currently working as Technical Lead in SQL Support team with Microsoft India GTSC. In past 7+ years with Microsoft he was also a part of the Premier Field Engineering Team for 18 months. During that time he was a part of rapid on-site support (ROSS) team. Prior to joining Microsoft in 2005, he worked as SQL developer, SQL DBA and also got a chance to wear his other hat as an ERP Consultant.

Balmukund is a great friend and one of the finest SQL Server Expert I know. When I requested him for Guest Post, he has indeed come up with a fantastic blog post and very interesting title of the blog post. I am sure many wants to learn the trick to hide from SQL Server, so here it goes in his own words.

Important: It is Balmukund’s Birthday Today – please wish him all the best for exciting SQL filled New Year! Wish him on Twitter or leave a comment on his Blog.


I am sure that all of us have used SQL Server Management Studio countless times. It’s the common tool used by all DBA and developers. Most of the time we give server name, user name and password (if needed) and hit connect. Right? Have you ever clicked on “Options >>” button and made some changes in connection properties? Pinal wrote about color coding of servers, using “use custom color” option, here and posted a video here which is available in connection properties tab.

In this blog, we are going to talk about the third tab “Additional Connections Parameters”. When we want to test connecting string and those options are not available in earlier two tabs, then we can provide them in this tab (available in SQL 2008 onwards). The parameters should be separated by semicolons (;). There are a few parameters in connection string which can be spoofed. Let us start from hiding from SQL Server.

Attempt 1: Hide from SQL Server

Enter following parameters in the Additional Connection Parameter and click on Connect.
Application Name=Pinal-SSMS;Workstation ID=Pinal-PC

Once we connect and try to check our connection properties, the result of this would be as follows:

SELECT HOST_NAME, program_name
FROM sys.dm_exec_sessions
WHERE session_id = @@spid

If any DBA sees this, they would think that Pinal is working but it’s Balmukund in reality. And, I have hidden myself.

Attempt 2: Hide SQL Server from User (Deceive User)

Now we have hidden ourselves from SQL Server – let us do something crazy. Let us hide the SQL Server from the user. This can be extremely confusing so I suggest to use it carefully or never use it at all. If I can, I would have put red flashing lights around previous statement.

Now let us change the Data Source property in Additional Connection Parameters place. Let us confuse user that they are connecting to instance SQLServer2000 even though they are really connecting to instance BIG. My localhost is named as BIG and in following connection I am providing a incorrect server name Big\SQLServer2000 in the Server Name. In normal case it will give us the error. However, in this case we will provide an incorrect name in the Login >> ServerName connection.

We will right away click on “Additional Connection Parameters” and will enter following text in the string Parameters:  Data Source=localhost

Now let us hit connect and you will see following situation.

Well, as warned earlier, SSMS would override the value and hence we are connected to a server which is in additional connection parameters. Everywhere in SSMS, we would see instance SQLServer2000 which is in login tab, but actual server is the SQL Server 2012. Now imagine a drop database executed in SSMS, thinking that this was ainstance SQLServer2000 but they end up on instance BIG. It is quite possible some of the commands will now return error if they are deprecated in instance SQLServer2000. This will be fun prank – which you should not play with anyone.

Moral of the story: Be careful while using this tab. Use this only for those settings which are not available in management studio by default.

Hope you have learned something new today.


Thanks Balmukund Twitter for this wonderful guest post.

Reference: Pinal Dave (http://blog.sqlauthority.com)

About these ads

8 thoughts on “SQL SERVER – How to Hide Yourself from SQL Server? – Guest Post by Balmukund Lakhani

  1. Amazing – Hiding myself indeed ! I always knew what an ocean SQL was, but Balmukund, Pinal you make it so much more vast and fun

  2. Hi Team,

    Happy birthday Balamukunan,

    i m trying to execute on 2008R2 1st step i getting below error:

    Error:
    Cannot connect testdb01
    Key worddoes not support ‘icationname’

    Sugget me any thing wrong from my side.

  3. Hi Pinal & Balmukund

    Really Nice post.

    I have searched for all possible parameters in Additional Connection Property page but did not get much. Can you help me on this?

    Thanks
    Rohit

  4. Pingback: SQL SERVER – Another lesser known feature of SQL Server Management Studio 2012 – Guest Post by Balmukund Lakhani | Journey to SQL Authority with Pinal Dave

  5. Its a tremendously interesting post and the humor behind the title is awesome indeed!!

    Its a great honor to learn tips and tricks from Pinal and Balmukund :)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s