September 27, 2010 at 12:39 pm
I recently worked on a requirement that needs to know a vendor's database's table change. I am using service broker (SQL 2005) to track this info change and it works amazingly, whenever there is a change in the vendor's database (new insert, update or delete), I will get notified right away.
By doing this I am in in sync with the target table in their database, and this doesn't require change on their database, all I need is the select permission on the target table.
However, this raised my concern on security: is that something you should applaud for? or there is potential security problem.
Digging more on this topic, it was said service broker has been removed from SQL 2008, while I don't have SQL 2008, so I have no way to verify this and no idea how the same function could be accommodated in a newer system? does 2008 provides any similar feature?
Should I be concerning about the security? it's claimed that security is in place, but .... who knows.
Any comments are welcomed.
Thanks.
September 27, 2010 at 2:49 pm
From my point of view there is no issue regarding Service Broker security.
The security hole is your SELECT permission on the target table. The only difference between a scheduled job selecting the data from the target table and sync it with your own table is the time difference (and the effort it takes).
And no, Service Broker has not been removed from SS2K8. Fortunately. It has been improved, though. 😀 (e.g. external activation, SSMS enhancements a.s.o.).
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply