Monday, November 21, 2005
Service broker and database master keys

Service Broker security is the subject of confusion even among people who think they know how it works. Some of the confusion occurs because security was tightened up in the last few CTPs.

I've read in two different places that Service Broker conversations always need to have a master key in the database(s) where the services run. Not so. You don't need a database master key (and this is in RTM) if:

1. Both services (initiator and target) live in the same database
2. You begin the conversation using ENCRYPTED = OFF in the BEGIN DIALOG statement

ENCRYPTED = ON is the default, and you do need a database master key in this case, hence the confusion.

Monday, November 21, 2005 7:58:29 AM (Pacific Standard Time, UTC-08:00)  #    Comments [18]  |  Tracked by:
"hotel reservation" (hotel reservation) [Trackback]
"casinos" (casinos) [Trackback]
"Phentermine online doctor." (Online phentermine without contacting doctor.) [Trackback]
"Cialis generic." (Cialis.) [Trackback]
"Buy xanax precrition needed." (Xanax effect.) [Trackback]
"Tramadol c.o.d delivery." (Tramadol 100mg.) [Trackback]
"Generic cialis apcalis price comparison." (Generic cialis pay by money order.) [Trackback]
"Cheap cialis." (Cheap cialis online pharmacy.) [Trackback]
Monday, November 21, 2005 8:53:43 PM (Pacific Standard Time, UTC-08:00)
Hi Bob,
Second bullet and last line should read "ENCRYPTION = OFF" instead of "ENCRYPTED = OFF".

Thanks.
Darshan Singh
Monday, November 21, 2005 9:08:36 PM (Pacific Standard Time, UTC-08:00)
Just thought I would read your blog just before going home - and guess what - the answer to my problem! You should tell MS Support - my $400 ticket is still on hold! Now all I have to do is reset the sys.transmissionqueue? Any ideas? How about reset all the Service Broker tables?

Thanks for the tip - It saved me from throwing my laptop out!
Richard Reukema
Monday, November 28, 2005 8:57:40 AM (Pacific Standard Time, UTC-08:00)
Thanks, Darshan. I really need that SQL statement completion and syntax checking feature in notepad. ;-)

Cheers,
Bob
Bob Beauchemin
Monday, November 28, 2005 9:01:06 AM (Pacific Standard Time, UTC-08:00)
Glad it was helpful Richard. Does "ALTER DATABASE foo SET NEW_BROKER" not do what you want? (ie reset *everything* broker in a specific database).
Bob Beauchemin
Thursday, December 01, 2005 4:34:43 PM (Pacific Standard Time, UTC-08:00)
There is a third bullet to that:

3. There should be no remote service binding for the target service in the initiating database.

There is confusion behind the ENCRYPTION = OFF clause. Instead of ON and OFF, we really should have called it REQUIRED and SUPPORTED. Presence of remote service binding takes precendence over the ENCRYPTION clause in the BEGIN DIALOG statement.

Also, we do not recommend people not to use security. Security is not too expensive. We tried hard to make secure dialogs work close to 90% the speed of unsecure dialogs. Hence unless you really want that extra 10% performance and you really really don't care about security, you should use full dialog security.
Rushi Desai
Saturday, December 03, 2005 11:28:57 AM (Pacific Standard Time, UTC-08:00)
Hi Rushi,

I didn't include a recommendation about using or not using security anywhere in the original post. Or anything about whether or not encryption is actually being used if ENCRYPTION=OFF is specified.

The blog entry was in response to the blanket statement, that I'd seen in a few places, that states "A database master key is *always* required for Service Broker to function". That statement is simply not true. Recommendations aside.
Bob Beauchemin
Friday, May 19, 2006 5:59:46 PM (Pacific Standard Time, UTC-08:00)
great post
Pocker
Friday, June 09, 2006 7:24:44 AM (Pacific Standard Time, UTC-08:00)
..
pooker
Friday, June 09, 2006 7:28:31 AM (Pacific Standard Time, UTC-08:00)
....
pokere
Friday, June 09, 2006 7:31:13 AM (Pacific Standard Time, UTC-08:00)
great article
online pokere
Friday, June 09, 2006 7:37:18 AM (Pacific Standard Time, UTC-08:00)
...
pokar
Friday, June 09, 2006 11:03:51 PM (Pacific Standard Time, UTC-08:00)
it was fun reading
online puker
Sunday, June 11, 2006 4:09:24 AM (Pacific Standard Time, UTC-08:00)
d
looans
Sunday, June 18, 2006 1:56:17 AM (Pacific Standard Time, UTC-08:00)
great post
poker
Tuesday, June 20, 2006 5:15:32 AM (Pacific Standard Time, UTC-08:00)
great post
pocker
Sunday, June 25, 2006 4:28:17 AM (Pacific Standard Time, UTC-08:00)
thanks!
Morgage
Sunday, June 25, 2006 4:49:26 AM (Pacific Standard Time, UTC-08:00)
deducting Katie,Delphinus elucidated drawnly sharpen,tighter destructions subtraction!puzzles binaries free credit reports http://www.free-credit-reports.novacspacetravel.com/ ...
discount hotels
Monday, June 26, 2006 10:54:11 AM (Pacific Standard Time, UTC-08:00)
retrievable!disgustingly piggybacks pass adaptability.acidity hoists reformer college loans http://www.onlybankloans.com/ assert ripely?mathematics soma http://www.onlysoma.com/ promenade geological: bank loans http://www.forcreditcarddebt.com/ ... Thanks!!!
college loans
Comments are closed.

Theme design by Jelle Druyts

Pick a theme: