This is a question about protecting an embedded database from external Forces Of Evil.

Let's say server S has started database D, and there is a DatabaseStart event in database D that checks to make sure it's the ONLY database running on S; e.g., it checks that sa_db_info() returns only one row.

So far so good.

Now, let's say some external agent tries to tell server S to start another database D2. How can code inside database D prevent that from happening?

External layers of protection are not sufficient; e.g., dbsrv11 -gd, -xd, cool stuff like that. Alas, the "external agent" can modify the dbsrv11.exe command line, but not the code inside database D, and that's where the protection must reside.

Note that the DatabaseStart event inside D only fires when D starts, not D2... there is no concept of server-level events ( that I know of :)

An answer which begins "Don't bother" is welcome, but will not get a green checkmark :)

asked 15 Mar '10, 11:08

Breck%20Carter's gravatar image

Breck Carter
26.9k437609883
accept rate: 21%

Interesting question that I have not thought about before... Can you expand on the reason why you want to make sure that there is no other database running on the same server?

(15 Mar '10, 16:24) Mark Culp

This sounds like a tough problem -- you control the database but without control over the server command line or server the database is loaded in, it is hard to give the protection you are asking for. The following are partial or inadequate solutions but the best I have thought of so far:

  1. Require certain properties of the server command line and refuse to start if these are not present. For example, examine PROPERTY('StartDBPermission') in a login procedure and fail the login if the property doesn't match what you expect.
  2. Use a period event to monitor the databases running on the server and "do something" if another one were started.
  3. Pre-emptively load the maximum number of databases when your database starts (I think this is 255). These could be small dummy databases, but there is an overhead to loading these even if there are no connections. Attempts to start other databases would fail.

Like @Mark I would be interested in more details of what you would like to accomplish. I wondered if secure features might be an answer here but I didn't see a way to secure the stop/start database feature (maybe I missed it).

permanent link

answered 22 Mar '14, 15:18

Ivan%20T.%20Bowman's gravatar image

Ivan T. Bowman
2.8k22732
accept rate: 39%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×37

question asked: 15 Mar '10, 11:08

question was seen: 3,646 times

last updated: 22 Mar '14, 15:18