Secure Install?

Last Post 24 Mar 2004 06:27 PM by dmcdowell. 1 Replies.
New Member

23 Mar 2004 11:33 AM
I think it is very poor of MS to be touting Reporting Services (RS) as free when in fact to follow their best practices suggestions you need to pay for another SQL license. If you install it with IIS and not on a box with MS SQL (a security issue) then you must purchase a SQL license for that box but not use it. My question is: when installing RS on a box with SQL there are two databases created, ReportServer and ReportServerTempDB; do these hold any data that, if accessed, can allow access to the actual data source database servers? From what I read they hold metadata and snapshots. I guess the snapshots seem to be a security issue. What I would like to hear is that there is nothing in these two databases that poses a security risk if accessed and that I don’t need an additional SQL license for RS.
New Member

24 Mar 2004 06:27 PM
It is not free and never touted as such.

It is included in SQL Server's bundled licensing, therefore you may add it at no incremental cost to an existing SQL Server server... but that would require adding IIS. So if you were to separate your IIS tier from your database tier according to best practice you would need to buy a SQL Server license for the IIS server that will host the ReportServer web service.

Soooo, if you are purchasing a SQL Server license for the web tier (ReportServer web service) server, you ARE using the license--in the same way as someone buying a SQL Server license to install Analysis Services decoupled from the RDBMS.

The ReportServer database holds metadata (RDL files, directory structures, parameter settings, caching settings, encrypted stored credentials, etc...) and pre-rendered report snapshots that are only renderable on an activated node of the ReportServer using machine-specific encryption. ReportServerTempDB stores cached reports in the same manner... Aside from normal database security woes (everyone uses the SA account) I have no problem sleeping at night considering the security of this architecture.

But, if you do not want an IIS app running on your database server and you want to decouple the tiers, you do need to license SQL Server everywhere a part of SQL Server is installed.
