Service broker and database master keys

5 thoughts on “Service broker and database master keys”

1. Hi Bob,
   Second bullet and last line should read "ENCRYPTION = OFF" instead of "ENCRYPTED = OFF".

   Thanks.

2. Thanks, Darshan. I really need that SQL statement completion and syntax checking feature in notepad. 😉

   Cheers,
   Bob

3. Glad it was helpful Richard. Does "ALTER DATABASE foo SET NEW_BROKER" not do what you want? (ie reset *everything* broker in a specific database).

4. There is a third bullet to that:

   3. There should be no remote service binding for the target service in the initiating database.

   There is confusion behind the ENCRYPTION = OFF clause. Instead of ON and OFF, we really should have called it REQUIRED and SUPPORTED. Presence of remote service binding takes precendence over the ENCRYPTION clause in the BEGIN DIALOG statement.

   Also, we do not recommend people not to use security. Security is not too expensive. We tried hard to make secure dialogs work close to 90% the speed of unsecure dialogs. Hence unless you really want that extra 10% performance and you really really don’t care about security, you should use full dialog security.

5. Hi Rushi,

   I didn’t include a recommendation about using or not using security anywhere in the original post. Or anything about whether or not encryption is actually being used if ENCRYPTION=OFF is specified.

   The blog entry was in response to the blanket statement, that I’d seen in a few places, that states "A database master key is *always* required for Service Broker to function". That statement is simply not true. Recommendations aside.

Comments are closed.