When a restore isn’t really complete - vote on Connect

re: When a restore isn’t really complete - vote on Connect

Remus Rusanu — Fri, 16 Apr 2010 06:24:30 GMT

Disabling Service Broker after a restore is by design. SSB is all about *distributed* applications and restoring a database means part of your distributed application is potentially rolled back in time. Given the potential disaster lurking there the measure to disable broker at restore and attach was intentionally put in.

The reasoning around the other two flags (honor broker priority and trustworthy) are different, but just as valid, they represent well understood vectors of elevation denial of service and of privilege escalation attacks.

re: When a restore isn’t really complete - vote on Connect

James Luetkehoelter — Fri, 16 Apr 2010 14:29:13 GMT

I agree with Remus on these - I would want them disabled on the restore of a database. I'd rather the assumption be that you're restoring/attaching to a new instance and reduce potential priveledges than to leave it open.

re: When a restore isn’t really complete - vote on Connect

Sat, 17 Apr 2010 15:57:22 GMT

have to agree with the others; this would just create a security hole. not a good idea at all.

re: When a restore isn’t really complete - vote on Connect

Sat, 17 Apr 2010 16:06:35 GMT

just wanted to add that calling this a bug is akin to asking MS to disable password policies because it's too difficult to remember complex passwords.