Re: file system permissions and cross-database certificates?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Thu, 07 Feb 2008 15:03:56 -0800
Craig Thomas (CraigThomas@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
> Is it really necessary to use the file system to move a certificate from
> one database to another within the same instance?
> That is, is the use of the file system to BACKUP CERTIFICATE TO
> FILE='C:\temp\mycert.cert' in one database, so that CREATE CERTIFICATE FROM
> FILE='C:\temp\mycert.cert' in a second (or subsequent) database the only
> way to achieve the key handling that enables certificate based
> permissions?
> Or is there some internal-to-SQL Server mechanism that I have not yet
> found in the books on line?

I have not found anything yet. I agree that it's a bit clumsy to
use the file system.

> Then there's the xp_cmdshell firehose that represents the most practical
> approach toward allowing a repeatable BACKUP CERTIFICATE command -- if
> you don't delete the file first, your command will fail, and the most
> reasonable way to deal with this is to script the delete. But either you
> use a windows shell with file-system permissions or you open up
> xp_cmdshell to a SQL Server user.

There is xp_delete_file, but it's undocumented and unsupported.
You could write a CLR procedure to do the delete, then you do not at least
need to enable xp_cmdshell. Then again, the database is likely to have
to be marked as trustworthy.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
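
The file-based transfer discussed in this thread, as an added T-SQL example that is not part of either poster's message; the database, certificate, procedure, user and table names and the password are constructed. It exports only the public part of the certificate, which is enough for the second database to create a certificate-mapped user, so the private key never reaches the file system.

```sql
-- Constructed names: SourceDb, TargetDb, XDbCert, XDbCertUser,
-- dbo.ReadTarget, dbo.Orders. The password is a constructed sample value.
USE SourceDb;
GO
-- The certificate's private key stays in SourceDb, protected by a password.
CREATE CERTIFICATE XDbCert
    ENCRYPTION BY PASSWORD = 'Constructed-Pa55word!'
    WITH SUBJECT = 'Cross-database permission certificate';
GO
-- A procedure in SourceDb that reads a table in the other database.
CREATE PROCEDURE dbo.ReadTarget AS
    SELECT OrderId FROM TargetDb.dbo.Orders;
GO
-- Sign the procedure. The signature is lost when the procedure is altered,
-- so it has to be re-applied after every change.
ADD SIGNATURE TO dbo.ReadTarget BY CERTIFICATE XDbCert
    WITH PASSWORD = 'Constructed-Pa55word!';
GO
-- Export the certificate without a WITH PRIVATE KEY clause: only the public
-- part is written. As noted in the thread, this statement fails if the file
-- already exists, so the file must be removed before a repeat run.
BACKUP CERTIFICATE XDbCert TO FILE = 'C:\temp\mycert.cert';
GO
USE TargetDb;
GO
-- Import the public part under the same name in the second database.
CREATE CERTIFICATE XDbCert FROM FILE = 'C:\temp\mycert.cert';
GO
-- Map a user to the certificate and grant it only what the procedure needs.
CREATE USER XDbCertUser FROM CERTIFICATE XDbCert;
GRANT SELECT ON dbo.Orders TO XDbCertUser;
GO
```

The exported file holds no secret in this form, but it should still be written to a directory that only the SQL Server service account and the administrator can modify, since a swapped file would bind the permission to a different certificate.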