Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersSoftware - Is this legal?


2773 posts

Uber Geek
+1 received by user: 216


Topic # 45923 5-Nov-2009 00:05
Send private message

Hey, not sure if this should be in any other forum so putting it here.

I have a question regarding some software and wether it is legal or not and could be breaching the Fair Trading Act.

This software installs and runs its own instance of an SQL database. When you first run the software it creates a random sa password for the database and normally this isn't a problem.

The problem arises when you want to use something like ShadowProtect to take a system backup image at regular intervals. Because you don't know the sa password and all other system and administrator accounts are removed from this SQL instance, the backup software is unable to take a snapshot of the database.

This is where I think something is wrong as I spoke to the software supplier and you have to buy another piece of software that will reveal the sa password! The price of this software is about $1500! This is more than the database software itself!

This might be ok practice in other countries but here in NZ I'm sure this can't be legal?

Anyone have any thoughts about this?

The way I see it is that it would be like HP or Acer or whoever putting an administrator password on all their new computers and then charging you to tell you what it is when you suddenly find you need it for something.






Computer Repairs Whangarei
Apple Authorised Reseller
Apple Authorised Service Provider

Create new topic
BDFL - Memuneh
58762 posts

Uber Geek
+1 received by user: 10157

Administrator
Trusted
Geekzone
Subscriber

  Reply # 270172 5-Nov-2009 00:16
Send private message

It is not even the case of being legal or not. This company is holding your business - what if they go bust tomorrow? You won't be able to do anything with this software then?

They shouldn't run a database on your system without giving you the password. I would dump this supplier and find something else.




Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business)My technology disclosure  

Infrastructure Geek
4043 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 270173 5-Nov-2009 00:30
Send private message

if the software you bought still works for its intended purpose, then i see no reason why it would be "illegal". its not much different from copy protection on CD's or DVD's etc.

All said, you should still be able to back up your server with this software on it. If a 'live' backup does not work, then schedule the sql instance to be shut down, database files backed up, and subsequently restarted.

if the actual data in the database tables is not encrypted, then you'll probably find that taking the MDF and LDF files (while sql instance shut down) and attaching them to another SQL instance is all you need to gain access to the database




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs

 
 
 
 


I'm @nate
6290 posts

Uber Geek
+1 received by user: 374

Moderator
Trusted
Subscriber

  Reply # 270176 5-Nov-2009 01:02
Send private message

CYaBro: This software installs and runs its own instance of an SQL database. When you first run the software it creates a random sa password for the database and normally this isn't a problem.


The software you are talking about isn't ACT by any chance?

I remember running into this issue when trying to hook a online mail marketing system into the ACT program my Dad was running.  We ended up giving up as I couldn't get access to the data, and it was too hard to use ACT itself.

I think it is legal, most other software doesn't allow you free reign to its data stores, and in locking down the database ACT guarantees you can't break it by messing with the database.  This is still very annoying.

Could you possibly get around this by stopping the SQL Server service, and backing up the MDF file?





Custom software development | Mt Eden Cafe | Cafe Owner



2773 posts

Uber Geek
+1 received by user: 216


  Reply # 270189 5-Nov-2009 06:54
Send private message

Yes it is Act! It's not us that is using the software, some of our clients are.
Changing the software is not really an option as they have all invested too much time and money on Act! to change.

We can still do a backup of the database but only once a day using the built in backup that comes with Act! kind of defeats the purpose of using ShadowProtect which is taking an image of the system every 15 minutes.

They obviuosly aren't too worried about access to the database if they are willing to sell you the software to get the sa password.
I think they do it so anyone wanting to create an addon for Act! has to pay for the privilage or you buy one of their addons.






Computer Repairs Whangarei
Apple Authorised Reseller
Apple Authorised Service Provider

1367 posts

Uber Geek
+1 received by user: 149


  Reply # 270195 5-Nov-2009 07:46
Send private message

There are many options to reset the SA password, just Google "SQL Server forgot SA password" (without the quotes).

I guess the bigger problem is that their software probably has the password hard coded somewhere. First thing I would do it check all text type files for possible passwords. I that didnt find it, check the registry and then go through the executables with the hex editor.

Just some options but becareful as if you change the SA password and cant find the one Act thinks it needs to use you will be stuffed.

I'm @nate
6290 posts

Uber Geek
+1 received by user: 374

Moderator
Trusted
Subscriber

  Reply # 270366 5-Nov-2009 15:05
Send private message

CYaBro: They obviuosly aren't too worried about access to the database if they are willing to sell you the software to get the sa password.


That's what I thought when I enquired about getting the sa password. Ridiculous really.





Custom software development | Mt Eden Cafe | Cafe Owner

1290 posts

Uber Geek
+1 received by user: 319


  Reply # 270402 5-Nov-2009 16:44
Send private message

Doesn;t sound illegal but it's certainly hideous customer gouging!

With Act can you not set it up to do a database backup to a flat file ?  Think there is something in the scheduler .. then scoop that file up with your backup system
Cludgy but better than nothing.

Mark




DRZ  Smarterer

Infrastructure Geek
4043 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 270423 5-Nov-2009 17:53
Send private message

regardless of all the above, doesnt ShadowProtect do VSS snapshots of your server anyway? shouldnt that be sufficient to get a point-in-time backup of your server, including the SQL Server databases that are running at the time of the snapshot? I didnt think this required the SQL SA or Admin password as long as you had access to the VSS service? Is there an actual error occuring?




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs



2773 posts

Uber Geek
+1 received by user: 216


  Reply # 270433 5-Nov-2009 18:13
Send private message

Regs: regardless of all the above, doesnt ShadowProtect do VSS snapshots of your server anyway? shouldnt that be sufficient to get a point-in-time backup of your server, including the SQL Server databases that are running at the time of the snapshot? I didnt think this required the SQL SA or Admin password as long as you had access to the VSS service? Is there an actual error occuring?


The SQL VSS writer needs admin access to the SQL database to be able to take a snapshot :(
On the systems I have installed ShadowProtect on that also have Act! the Application Event Log is full of VSS errors as it can't get access!






Computer Repairs Whangarei
Apple Authorised Reseller
Apple Authorised Service Provider

217 posts

Master Geek
+1 received by user: 2


  Reply # 270671 6-Nov-2009 15:35
Send private message

CYaBro: The SQL VSS writer needs admin access to the SQL database to be able to take a snapshot :( On the systems I have installed ShadowProtect on that also have Act! the Application Event Log is full of VSS errors as it can't get access!



The SQL Writer account needs to included in the 'sa' role for the database instance, but given that the SQL Writer runs as LocalSystem by default, it should have that level of access already. Are the daily backups performed by ACT! being done as a database dump rather than a VSS snapshot?


Can you post the exact errors that are being generated when the VSS snap is being attempted? It could be to do with the stable timeout (or whatever it's called in VSS terminology) that requires a certain length of time without disk I/O before the snapshot can be taken, as opposed to being a permissions error.  


http://msdn.microsoft.com/en-us/library/cc966520.aspx says:

SQL Writer Service Account
During installation, the SQL writer account will be installed to use the Local System account. Since the SQL writer needs to talk to SQL Server using exclusive VDI APIs, the SQL writer account must have sufficient access rights for both SQL Server and VSS.  Configuring the service as a Local System account provides sufficient rights for the service to run correctly.
Note   To have the SQL writer service work correctly, it is important to make sure that the Local System account is not removed from the SQL Server instance’s ‘sa’ role.

 

 



2773 posts

Uber Geek
+1 received by user: 216


  Reply # 272209 11-Nov-2009 23:48
Send private message

Note   To have the SQL writer service work correctly, it is important to make sure that the Local System account is not removed from the SQL Server instance’s ‘sa’ role.


And that's the problem. Act removes all access to the SQL database instance except for sa so without the password you are screwed.
Doing some searching and people have found ways of getting in and adding another user but act seems to check this and removes it again next time it is run.






Computer Repairs Whangarei
Apple Authorised Reseller
Apple Authorised Service Provider

I'm @nate
6290 posts

Uber Geek
+1 received by user: 374

Moderator
Trusted
Subscriber

Reply # 272231 12-Nov-2009 02:51
Send private message

The sa password for ACT isn't halfway down this page is it?





Custom software development | Mt Eden Cafe | Cafe Owner



2773 posts

Uber Geek
+1 received by user: 216


  Reply # 272236 12-Nov-2009 06:27
Send private message

Yea saw that but the problem is that the first time you run Act! it changes the password to something random and the only way to find out what this is is by buying their sa password software.
Under NZ law this just seems completely wrong that they can pretty much hold you to ransom like this. You either use their very basic built in backup or pay to access your own data with a third party backup solution.
They also sell Act! addons that will also do more with Act! for you or you can buy a SDK which allows you to create your own addons and also gives you the sa password.

I don't know of any other software that does this and when I have come across some software that does something like this, a quick call to their helpdesk and they have been happy to give any admin password that was required.






Computer Repairs Whangarei
Apple Authorised Reseller
Apple Authorised Service Provider

217 posts

Master Geek
+1 received by user: 2


  Reply # 272272 12-Nov-2009 09:18
Send private message

I don't think they're doing anything wrong under the law. They provide some software, it stores data you put in there, and there are methods to access and manipulate that data. That's no different than Microsoft Word: it stores data in Word documents. You access that information through the methods that Microsoft provide. They don't provide any open access to the information stored in those Word documents.

There's nothing under law that says a software provider must provide open access to data that you put into their software.

1967 posts

Uber Geek
+1 received by user: 331

Trusted
Subscriber

  Reply # 272283 12-Nov-2009 09:28
Send private message

I have also been down this road - basically there justification is that if users dont have access to the database then they cant stuff it up. There is a backup solution within ACT from memory so in the end we went with just running that before the general system backup so that the ACT backup files are backed up.




When you live your life on Twitter and Facebook, and are only friends with like minded people on Twitter and Facebook, you are not living in the real world. You are living in a narcissistic echo chamber.

 


My thoughts are my own and are in no way representative of my employer.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Chow brothers plan to invest NZ$100 million in technology
Posted 24-Sep-2017 16:24

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33

FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53

Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51

Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39

If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54

Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07

OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56

Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48

Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37

Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45

Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40

Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27

NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16

Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.