Belešku
Pristup ovoj stranici zahteva autorizaciju. Možete pokušati da se prijavite ili da promenite direktorijume.
Pristup ovoj stranici zahteva autorizaciju. Možete pokušati da promenite direktorijume.
Applies to: 
SQL Server
Azure SQL Managed Instance
Service Broker provides a flexible security framework for helping you secure your applications. This topic explains considerations for managing Service Broker security.
Plan security
Each application has unique security requirements. Part of managing security is to carefully plan the requirements for your application. Transport security, dialog security, and the security infrastructure built into SQL Server work together to help you secure your application.
All applications use the security infrastructure built into SQL Server. Each operation in SQL Server occurs in a specific security context. In most cases, you create SQL Server database principals specifically for the application. This helps you to ensure that each step in the application runs in a security context with only the privileges necessary for that step. For example, the principal that you specify for internal activation needs execute permissions on the stored procedure that Service Broker activates. The stored procedure itself might impersonate a user that has RECEIVE permission for the queue and UPDATE permission for a particular table. You design your application so that, at each stage, the security context for the application doesn't have permission to perform unexpected operations.
Applications that send messages between SQL Server instances can use transport security, dialog security, or both. Transport security and dialog security provide distinctly different protections.
Service Broker dialog security provides end-to-end encryption and authorization for conversations between specific services. Therefore, dialog security helps protect data against inspection or modification in transit. Applications that transmit confidential or sensitive data, or that transmit messages over untrusted networks, should use dialog security. Dialog security can help a participant in the conversation identify the other participant in the conversation.
Because dialog security applies to specific services, you must configure dialog security for each service that uses dialog security. However, an instance might use dialog security for some conversations and allow other conversations to be transmitted unencrypted. For example, conversations to a service that updates customer information might use dialog security, whereas conversations that simply look up part number information might not require dialog security.
Service Broker uses the remote service bindings in the database that begins the conversation to determine the security for the conversation. Service Broker therefore uses the service name to determine the security for the service. In cases where more than one instance of the same target service exists, routing for the initiating services must be carefully managed so that initiating services only communicate with target services that contain matching certificates. All services with the same name must be configured with the same certificate.
Service Broker transport security prevents unauthorized network connections to Service Broker endpoints, detects alterations to messages in transit, and optionally provides point-to-point encryption. This helps protect your database against receiving unwanted messages. Because transport security applies to network connections, transport security automatically applies to all conversations between the SQL Server instances. However, transport security doesn't provide end-to-end encryption, and doesn't provide authentication for individual conversations.
Maintain security
Maintaining security for Service Broker applications consists of two main tasks: auditing the application configuration and replacing the certificates that the application uses.
Periodically audit the application to determine that the security configuration is unchanged and that the security configuration meets the business needs for the application.
Dialog security relies on certificates for authentication and encryption. Transport security might also use certificates. A certificate has a specified time during which the certificate is valid. The certificate isn't valid before this time begins or after this time expires. Service Broker doesn't use certificates that aren't currently valid. In addition, SQL Server includes the ACTIVE FOR BEGIN_DIALOG option to make a certificate available to Service Broker. To update certificates, create or load new certificates with the active for begin dialog option set to OFF. Once all of the certificates are loaded, alter the current certificates in all databases to make the certificates unavailable to Service Broker, then alter the new certificates by setting the ACTIVE FOR BEGIN_DIALOG option so that those certificates are available to Service Broker.
For more information on certificates, see Certificates and Service Broker and CREATE CERTIFICATE.