on 2010 Mar 15 11:08 AM
This is a question about protecting an embedded database from external Forces Of Evil.
Let's say server S has started database D, and there is a DatabaseStart event in database D that checks to make sure it's the ONLY database running on S; e.g., it checks that sa_db_info() returns only one row.
So far so good.
Now, let's say some external agent tries to tell server S to start another database D2. How can code inside database D prevent that from happening?
External layers of protection are not sufficient; e.g., dbsrv11 -gd, -xd, cool stuff like that. Alas, the "external agent" can modify the dbsrv11.exe command line, but not the code inside database D, and that's where the protection must reside.
Note that the DatabaseStart event inside D only fires when D starts, not D2... there is no concept of server-level events ( that I know of 🙂
An answer which begins "Don't bother" is welcome, but will not get a green checkmark 🙂
This sounds like a tough problem -- you control the database but without control over the server command line or server the database is loaded in, it is hard to give the protection you are asking for. The following are partial or inadequate solutions but the best I have thought of so far:
PROPERTY('StartDBPermission')
in a login procedure and fail the login if the property doesn't match what you expect.Like @Mark I would be interested in more details of what you would like to accomplish. I wondered if secure features might be an answer here but I didn't see a way to secure the stop/start database feature (maybe I missed it).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
71 | |
11 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.