Service Broker security is the subject of confusion even among people who think they know how it works. Some of the confusion occurs because security was tightened up in the last few CTPs.
I've read in two different places that Service Broker conversations always need to have a master key in the database(s) where the services run. Not so. You don't need a database master key (and this is in RTM) if:
1. Both services (initiator and target) live in the same database
2. You begin the conversation using ENCRYPTION = OFF in the BEGIN DIALOG statement
ENCRYPTED = ON is the default, and you do need a database master key in this case, hence the confusion.
5 thoughts on “Service broker and database master keys”
Second bullet and last line should read "ENCRYPTION = OFF" instead of "ENCRYPTED = OFF".
Thanks, Darshan. I really need that SQL statement completion and syntax checking feature in notepad. 😉
Glad it was helpful Richard. Does "ALTER DATABASE foo SET NEW_BROKER" not do what you want? (ie reset *everything* broker in a specific database).
There is a third bullet to that:
3. There should be no remote service binding for the target service in the initiating database.
There is confusion behind the ENCRYPTION = OFF clause. Instead of ON and OFF, we really should have called it REQUIRED and SUPPORTED. Presence of remote service binding takes precendence over the ENCRYPTION clause in the BEGIN DIALOG statement.
Also, we do not recommend people not to use security. Security is not too expensive. We tried hard to make secure dialogs work close to 90% the speed of unsecure dialogs. Hence unless you really want that extra 10% performance and you really really don’t care about security, you should use full dialog security.
I didn’t include a recommendation about using or not using security anywhere in the original post. Or anything about whether or not encryption is actually being used if ENCRYPTION=OFF is specified.
The blog entry was in response to the blanket statement, that I’d seen in a few places, that states "A database master key is *always* required for Service Broker to function". That statement is simply not true. Recommendations aside.
Comments are closed.