Features can be made inaccessible to databases running on a database server. Such features are said to be secured.
When a feature is secured (made inaccessible), it is unavailable for use by client applications, database-defined stored procedures, triggers, and events. Secured feature settings apply to all databases running on the database server. Secured features are useful when you need to start a database that might contain embedded logic that references the external environment of the host computer system (for example, directories and files on the host computer). This capability is useful to third-party vendors who run a database server farm to host databases from various customers.
The -sf database server option allows you to specify which features you want to secure for databases running on the database server.
When you start a server using the -sf database server option, the following feature sets are secured by default:
The SYSTEM secured feature key is created by specifying the -sk database server option and an authorization code when starting the database server. You pass this authorization code to the sp_use_secure_feature_key system procedure to gain access to the SYSTEM secured feature key. You can then use the sa_server_option system procedure to alter which features are secured or unsecured while the database server is running.
If you start a database server without specifying the -sk option, you cannot change the secured feature settings for the database server or any databases running on it. You cannot create the SYSTEM secured feature key at a later time using the sp_create_secure_feature_key system procedure. Instead, you must shut down the database server and specify the -sk option when you restart it.
Once you have accessed the SYSTEM secured feature key, you can use the sp_create_secure_feature_key system procedure to create customized secured feature keys with authorization codes that can be used by other users to gain access to a specific set of features that are otherwise secured from use.
There is a limit of 1000 secured feature keys per database server.
The authorization code must be a non-empty string of at least six characters, and it cannot contain double quotes, control characters (any character less than 0x20), or backslashes.
The SYSTEM and customized secured feature keys are accessed by using the following system procedure:
EXECUTE privilege is required to use this system procedure.
Access is session based. Once you disconnect from the database server, you lose access. When you reconnect to the server, you must reacquire access.
Features are secured and unsecured by using the following system procedure:
Features are secured or unsecured while the database server is running. If the server is shut down, the settings are lost.
Customized secured feature keys are managed by using the following system procedures:
The MANAGE_KEYS feature must be enabled (acquired) to use these system procedures.
Secured feature keys exist while the database server is running. If the server is shut down, the keys are lost. The keys must be recreated when the server is restarted.
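The workflow described above (acquire the SYSTEM key, change the secured settings, then issue a narrower customized key) is sketched below as an added example; it is not taken from the original documentation. The server name, key name, and authorization codes are constructed placeholders, and the feature names request_log and local_io and the SecureFeatures option name are assumed from the product's feature list, which this page does not reproduce.

```sql
-- Added example. All names and authorization codes are constructed placeholders.
-- Assumed server start options, supplied by the administrator:
--   -n demo_server -sf request_log -sk SysAuthPlaceholder1
-- Without -sk, none of the calls below can change the secured settings.

-- Session 1 (administrator): acquire the SYSTEM key using the -sk code.
CALL sp_use_secure_feature_key( 'system', 'SysAuthPlaceholder1' );

-- Secure an additional feature set on the running server.
-- A bare feature name secures it; a leading minus sign unsecures it.
CALL sa_server_option( 'SecureFeatures', 'local_io' );

-- Create a customized key that unlocks only request_log.
-- The code meets the stated rules: six or more characters, with no
-- double quotes, backslashes, or control characters.
CALL sp_create_secure_feature_key(
    'support_key',               -- hypothetical key name
    'SupportAuthPlaceholder1',   -- code handed to the support user
    'request_log' );             -- features this key grants

-- Session 2 (support user): acquire only what support_key grants.
-- local_io and every other secured feature stay inaccessible here.
CALL sp_use_secure_feature_key( 'support_key', 'SupportAuthPlaceholder1' );

-- Access is per session: after a disconnect, the call above must be
-- repeated. After a server restart, the customized key no longer exists
-- and the sa_server_option change is lost, so both must be reapplied
-- from a session holding the SYSTEM key.
```

Handing out customized keys instead of the SYSTEM authorization code keeps each holder limited to the features named when the key was created.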