Service broker with only domain account

天涯浪子 submitted on 2019-12-22 00:04:23

Question


I am new to MS SQL's Service Broker.

I've examined a couple of tutorials. But I could not find an answer.

I have distributed servers, but luckily all of them are under the same domain.

Is it possible to accomplish a structure without using any certificate?


Answer 1:


Yes.

Do not use dialog security. Make sure all your BEGIN DIALOG statements use the ENCRYPTION = OFF clause:

BEGIN DIALOG @handle
  FROM SERVICE @from_service   
  TO SERVICE @to_service
  ON CONTRACT @contract
  WITH ENCRYPTION = OFF;       

Grant SEND permission to [public] on each destination service:

GRANT SEND ON SERVICE::<servicename> TO [public];

Use WINDOWS authentication on ENDPOINTs:

 CREATE ENDPOINT broker 
   STATE = STARTED
   AS TCP (LISTENER_PORT = 4022)
   FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS);

Grant CONNECT to ENDPOINT permission to the domain account used by your SQL Service:

GRANT CONNECT ON ENDPOINT::broker TO [domain\sqlserviceaccount];  

(edited to correct GRANT SEND syntax)
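
An added check, not part of the original answer: catalog queries that audit the certificate-free setup above (endpoint authentication, transport encryption, CONNECT grantees, SEND grants), plus an endpoint change that states transport encryption explicitly. The endpoint name broker comes from the answer; the choice of AES is this example's assumption.

```sql
-- Added example, not the answerer's code. Run sections 1, 2 and 4 in master,
-- and section 3 in each database that hosts a Service Broker service.

-- 1. Endpoint: confirm Windows authentication and check whether the
--    server-to-server connection (transport) is encrypted.
SELECT e.name,
       e.state_desc,
       t.port,
       e.connection_auth_desc,       -- NTLM / KERBEROS / NEGOTIATE = Windows auth
       e.encryption_algorithm_desc   -- NONE = messages cross the network in clear
FROM sys.service_broker_endpoints AS e
JOIN sys.tcp_endpoints AS t
  ON t.endpoint_id = e.endpoint_id;

-- 2. Who holds CONNECT on the endpoint. With dialog security off and SEND
--    granted to [public], this grant is the only gate in front of the
--    services, so it should list the peer SQL service accounts and nothing else.
SELECT e.name AS endpoint_name,
       p.name AS grantee,
       p.type_desc,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.service_broker_endpoints AS e
  ON e.endpoint_id = sp.major_id
JOIN sys.server_principals AS p
  ON p.principal_id = sp.grantee_principal_id
WHERE sp.class_desc = N'ENDPOINT'
  AND sp.permission_name = N'CONNECT';

-- 3. Services in the current database and who may SEND to them.
--    Expect [public] only on services meant to receive remote messages.
SELECT s.name  AS service_name,
       dp.name AS grantee,
       perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.services AS s
  ON s.service_id = perm.major_id
JOIN sys.database_principals AS dp
  ON dp.principal_id = perm.grantee_principal_id
WHERE perm.class_desc = N'SERVICE'
  AND perm.permission_name = N'SEND';

-- 4. State transport encryption explicitly on the Windows-authenticated
--    endpoint. This is independent of dialog security (BEGIN DIALOG ...
--    WITH ENCRYPTION = OFF) and uses no certificate on the endpoint.
ALTER ENDPOINT broker
  FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS,
                      ENCRYPTION = REQUIRED ALGORITHM AES);
```

Apply section 4 on every instance in the topology, then rerun section 1 to confirm encryption_algorithm_desc no longer includes NONE.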




Answer 2:


Remus, could you do this with Encryption but without Master Key Encryption? I see that when I use AUTHENTICATION = WINDOWS, I can also do ENCRYPTION = SUPPORTED. Reading about SB, there are two types of encryption (transport & message).

This is all on the same internal network, but I'd rather not make the contents of the messages readable. I think that just means I need transport security - and I have no idea if that requires certificates or master key encryption.

Thanks!



Source: https://stackoverflow.com/questions/11433435/service-broker-with-only-domain-account
