8.2. Security Considerations for Service Broker

Configuring security is probably the most complex piece of Service Broker application. Nevertheless, Service Broker is designed to run enterprise applications in very secure environments. In fact, by default, Service Broker can only send messages within the database. Recall from the first example that in order to send the message to a different database on the same SQL Server instance, you had to set the TRUSTWORTHY bit to 1 for both databases.

Service Broker provides two distinct levels of security:

  • Transport security: Secures the TCP/IP connection between two SQL Server instances on different servers

  • Dialog Security: Secures each individual dialog between the two dialog endpoints. This ensures that the services exchanging the messages are who they say they are.

In cases where the highest level of security is required, using both transport and dialog security is appropriate. In addition, Service Broker uses regular SQL Server security to assign permission to users to enable them to create and use the various Service Broker objects such as message types, contracts, and services.

8.2.1. Transport Security

Transport security secures the TCP/IP connection. There are two parts to transport security: authentication (whereby the two instances of SQL server determine that they are willing to talk) and encryption of the data over the network. Note that authentication is not optional, but encryption is. In order for two SQL Server instances ...

Get Professional Microsoft® SQL Server® 2008 Administration now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.