FIX: The error message that the SELECT statement returns may contain user data in SQL Server 2000 (900625)
The information in this article applies to:
- Microsoft SQL Server 2000 Desktop Engine (MSDE)
- Microsoft SQL Server 2000 Developer Edition
- Microsoft SQL Server 2000 Enterprise Edition
- Microsoft SQL Server 2000 Personal Edition
- Microsoft SQL Server 2000 Standard Edition
- Microsoft SQL Server 2000 Workgroup Edition
Bug #: 474105 (SQL Server 8.0) Microsoft distributes SQL Server 2000 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2000 fix release. SUMMARYThis article describes the following about this hotfix
release: - The issues that are fixed by this hotfix package
- The prerequisites for installing the hotfix
package
- Whether you must restart your computer after you apply
the hotfix package
- Whether the hotfix package is replaced by any other hotfix
package
- Whether you must make any registry changes
- The files that are contained in the hotfix
package
SYMPTOMSWhen you use a SELECT statement to fetch information from a
view, and the SELECT statement returns an error message in Microsoft SQL Server
2000, the error message may contain user data. The user data is not returned in
the final result if the SELECT statement successfully fetches data from a view.
For example, user data is returned in an error message that is similar to the
following: Server: Msg 506, Level 16, State 1, Line 1
Invalid escape character 'John' was specified in a
LIKE predicate. For a list of all publicly released SQL
Server 2000 Post-Service Pack 3a hotfixes, see the following article in the
Microsoft Knowledge Base: 810185 SQL Server
2000 hotfix update for SQL Server 2000 Service Pack 3 and 3a
RESOLUTIONHotfix informationA supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft SQL Server 2000 service pack that contains this hotfix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site: Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question. Prerequisites-
Microsoft SQL Server 2000 Service Pack 3 (SP3)
For more information about how to obtain SQL Server 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
290211
How to obtain the latest SQL Server 2000 service pack
- Microsoft SQL Server 2000 hotfix build 2000.80.1007
For more information about how to obtain SQL Server 2000 hotfix build 2000.80.1007, click the following article number to view the article in the Microsoft Knowledge Base:
893312
FIX: You may receive a "SQL Server could not spawn process_loginread thread" error message, and a memory leak may occur when you cancel a remote query in SQL Server 2000
Restart information You do not have to restart the computer after you apply this
hotfix. Registry information You do not have to make changes to the
registry after you apply this
hotfix. Hotfix file informationThis hotfix contains only those files that are required to correct
the issues that this article discusses. This hotfix may not contain of all the
files that you must have to fully update a product to the latest
build.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. Date Time Version Size File name
-------------------------------------------------------------------
22-Jun-2005 02:07 2000.80.1029.0 664,128 Autoplt.dll
22-Jun-2005 02:07 2000.80.1029.0 78,400 Console.exe
22-Jun-2005 02:07 2000.80.1029.0 332,352 Ctasksui.dll
22-Jun-2005 02:07 2000.80.1029.0 315,968 Custtask.dll
22-Jun-2005 02:07 2000.80.1029.0 33,340 Dbmslpcn.dll
15-Apr-2005 01:17 786,432 Distmdl.ldf
15-Apr-2005 01:17 2,359,296 Distmdl.mdf
15-Apr-2005 01:17 180 Drop_repl_hotfix.sql
22-Jun-2005 02:07 2000.80.1029.0 1,905,216 Dtspkg.dll
22-Jun-2005 02:07 2000.80.1029.0 528,960 Dtspump.dll
22-Jun-2005 02:07 2000.80.1029.0 1,557,052 Dtsui.dll
22-Jun-2005 02:07 2000.80.1029.0 639,552 Dtswiz.dll
22-Jun-2005 02:07 2000.80.1029.0 102,992 Impprov.dll
15-Apr-2005 01:17 747,927 Instdist.sql
15-Apr-2005 01:17 1,581 Inst_repl_hotfix.sql
22-Jun-2005 02:07 2000.80.1029.0 352,828 Isqlw.exe
22-Jun-2005 02:07 2000.80.1029.0 82,492 Itwiz.exe
22-Jun-2005 02:07 2000.80.1029.0 90,692 Msgprox.dll
15-Apr-2005 00:59 8.11.41022.0 226,304 Mssdi98.dll
22-Jun-2005 02:07 2000.80.1029.0 62,024 Odsole70.dll
22-Jun-2005 02:08 2000.80.1029.0 25,144 Opends60.dll
22-Jun-2005 02:07 2000.80.1029.0 57,904 Osql.exe
22-Jun-2005 02:07 2000.80.1029.0 279,104 Pfutil80.dll
15-Apr-2005 01:13 551,012 Procsyst.sql
15-Apr-2005 01:17 12,305 Qfe469315.sql
15-Apr-2005 01:17 19,195 Qfe469571.sql
15-Apr-2005 01:17 5,157 Qfe472197.sql
22-Jun-2005 02:07 2000.80.1029.0 143,940 Qrdrsvc.exe
22-Jun-2005 01:54 1,136,160 Replmerg.sql
22-Jun-2005 02:07 2000.80.1029.0 221,768 Replprov.dll
22-Jun-2005 02:07 2000.80.1029.0 307,784 Replrec.dll
17-Jun-2005 22:42 2000.80.1029.0 159,813 Replres.rll
15-Apr-2005 01:17 1,088,240 Replsys.sql
15-Apr-2005 01:17 986,746 Repltran.sql
15-Apr-2005 01:17 55 Repl_uninstall.sql
22-Jun-2005 02:07 2000.80.1029.0 287,304 Rinitcom.dll
22-Jun-2005 02:07 2000.80.1029.0 78,416 Sdiclnt.dll
22-Jun-2005 02:07 2000.80.1029.0 823,872 Semexec.dll
22-Jun-2005 02:07 2000.80.1029.0 66,112 Semmap.dll
22-Jun-2005 02:07 2000.80.1029.0 57,916 Semnt.dll
22-Jun-2005 02:07 2000.80.1029.0 492,096 Semobj.dll
17-Jun-2005 23:09 2000.80.1029.0 172,032 Semobj.rll
22-Jun-2005 02:07 2000.80.1029.0 53,832 Snapshot.exe
15-Apr-2005 01:13 125,540 Sp3_serv_uni.sql
22-Jun-2005 02:07 2000.80.1029.0 28,672 Sqlagent.dll
22-Jun-2005 02:07 2000.80.1029.0 311,872 Sqlagent.exe
22-Jun-2005 02:07 2000.80.1029.0 168,001 Sqlakw32.dll
22-Jun-2005 02:07 2000.80.1029.0 33,344 Sqlctr80.dll
22-Jun-2005 02:07 2000.80.1029.0 4,215,360 Sqldmo.dll
22-Jun-2005 02:07 25,172 Sqldumper.exe
17-Jun-2005 22:30 2000.80.1029.0 28,672 Sqlevn70.rll
22-Jun-2005 02:07 2000.80.1029.0 156,224 Sqlmaint.exe
22-Jun-2005 02:07 2000.80.1029.0 180,792 Sqlmap70.dll
22-Jun-2005 02:07 2000.80.1029.0 188,992 Sqlmmc.dll
17-Jun-2005 23:01 2000.80.1029.0 479,232 Sqlmmc.rll
22-Jun-2005 02:07 2000.80.1029.0 401,984 Sqlqry.dll
22-Jun-2005 02:07 2000.80.1029.0 57,920 Sqlrepss.dll
22-Jun-2005 02:07 2000.80.1029.0 7,725,137 Sqlservr.exe
22-Jun-2005 02:07 2000.80.1029.0 590,396 Sqlsort.dll
22-Jun-2005 02:07 2000.80.1029.0 45,644 Sqlvdi.dll
22-Jun-2005 02:07 2000.80.1029.0 106,588 Sqsrvres.dll
22-Jun-2005 02:07 2000.80.1029.0 33,340 Ssmsgnet.dll
22-Jun-2005 02:07 2000.80.1029.0 33,340 Ssmslpcn.dll
22-Jun-2005 02:07 2000.80.1029.0 33,340 Ssmsqlgc.dll
22-Jun-2005 02:07 2000.80.1029.0 82,492 Ssnetlib.dll
22-Jun-2005 02:07 2000.80.1029.0 25,148 Ssnmpn70.dll
22-Jun-2005 02:07 2000.80.1029.0 123,456 Stardds.dll
22-Jun-2005 02:07 2000.80.1029.0 158,268 Svrnetcn.dll
22-Jun-2005 02:07 2000.80.1029.0 76,416 Svrnetcn.exe
22-Jun-2005 02:07 2000.80.1029.0 49,228 Ums.dll
22-Jun-2005 02:07 2000.80.1029.0 74,304 Xplog70.dll
22-Jun-2005 02:07 2000.80.1029.0 98,872 Xpweb70.dll Note Because of file dependencies, the most recent hotfix or feature
that contains these files may also contain additional files. STATUSMicrosoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section.MORE INFORMATIONTrace flag 3625 is requiredAfter you apply this hotfix, you must make sure that trace flag 3625 is
turned on. Additionally, you cannot
dynamically turn on or turn off this trace flag by using the DBCC TRACEON statement or the DBCC TRACEOFF statement. You must configure this trace flag
as a startup parameter. To do this, follow these steps:
- Start SQL Server Enterprise Manager.
- Right-click the instance of SQL Server, and then click
Properties.
- Click the General tab, and then click
Startup Parameters.
- In the Startup Parameters dialog box, type
-T3625 in the Parameter box, click
Add, and then click OK.
- In the SQL Server Properties dialog box, click
OK.
- Restart the SQL Server service.
Errors that have been fixedThe following errors have been
fixed in this hotfix package: - 151
- 220
- 232
- 238
- 244
- 245
- 248
- 281
- 506
Behavior differences between members of the sysadmin users group and non-membersIf a logon user is not a member of the sysadmin users group, the error messages for the errors in the "Errors that have been fixed" section will mask user data as *******. The following example shows the old behavior
and the new behavior. The client receives an error message when the following query fails. SELECT cast ('abc' as int) When the query fails, the client may receive one of the following
error messages:
- Message 1
Server: Msg 245,
Level 16, State 1, Line 1 Syntax error converting the varchar value 'abc' to a
column of data type int. - Message 2
Server: Msg 245,
Level 16, State 1, Line 1 Syntax error converting the varchar value '******' to
a column of data type int.
After you apply this hotfix, message 1 is returned if a logon user
is a member of the sysadmin users group. Message 2 is returned if a logon user is not a
member of the sysadmin users group. How to obtain the unmasked data values from the errors that have been fixedIf you see the errors that appear in the "Errors that have been fixed" section, you may want to use the data values that have been masked
when you troubleshoot the errors. If you are not a
member of the sysadmin users group, you will have to contact a member of the sysadmin users group for help with the following workarounds: - If the query is not user context-sensitive, a member of the sysadmin users group can run the query to obtain the unmasked data value for you.
- If the query is user context-sensitive, a member of the sysadmin users group will have to turn off the trace
flag 3625. Then you can run the query again to obtain the unmasked data value yourself. This workaround requires
restarting SQL Server.
Note Turning off the trace flag will cause SQL
Server to again experience the problem that is mentioned in the "Symptoms" section. Therefore, we recommend that a member of the sysadmin users group
turn on the trace flag as soon as possible after you have obtained the unmasked data value.
Informational messageWhen trace flag 3625 is turned on,
SQL Server logs the following message in the error log to indicate that some
errors have been masked: SQL Server is started with trace flag 3625, this may cause
user to see some error messages masked using '******'.
Modification Type: | Minor | Last Reviewed: | 7/25/2006 |
---|
Keywords: | kbbug kbfix kbHotfixServer kbQFE kbpubtypekc KB900625 kbAudDeveloper kbAudITPRO |
---|
|