Disappointment: DiscountASP.NET doesn't support Visual Studio Database Project Deployment

Discussion in 'Databases' started by Exoss, Feb 6, 2009.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Exoss

    Exoss

    Judge for yourself. I'm disappointed and frustrated they can't do something so simple to support such an amazing Microsoft technology. Visual Studio Database Projects are amazing, as is SQL Server 2008. So much for being a gold partner! This is a major issue for us; sufficient to force us to another hosting company with better support. In my opinion, this support engineer was more interested in closing the ticket than seeing if I had a valid request that might help other customers. He was polite, but unhelpful.

    Does this cause you problems too? If so, please chime in!
     
    Exoss, Feb 6, 2009
    #1
  2. JorgeR

    JorgeR DiscountASP.NET Staff

    I believe that you must have the sysadmin server role.
     
    JorgeR, Feb 6, 2009
    #2
  3. Bruce

    Bruce DiscountASP.NET Staff

    BTW, when you deploy w/ VS.NET, do you use SQL Publishing wizard?
     
    Bruce, Feb 7, 2009
    #3
  4. Exoss

    Exoss

    Exoss, Feb 7, 2009
    #4
  5. Exoss

    Exoss

    Can you please give me just one example of actual security risk posed by allowing customers to select from read-only server-level dynamic management views? Otherwise, I'll be left feeling that this was just security rhetoric or unfounded paranoia.

    I'm not asking for HTTP endpoint access. That is a false comparison.
     
    Exoss, Feb 7, 2009
    #5
  6. JorgeR

    JorgeR DiscountASP.NET Staff

    according to the error and compare to the msdn article - you will need view definition and 'view server state' permission on the server which is not allowed to our customers for security reasons.
    'If the source database is based on SQL Server 2008, you must have the VIEW ANY DEFINITION permission on the server. If the database contains any linked servers, you must also have the ALTER ANY LINKED SERVER permission. Your login must have the VIEW SERVER STATE permission (for database encryption keys). '

    http://msdn.microsoft.com/en-us/library/ms175808.aspx - view definition at server scope
    The view server state allows to see SQL Server dynamic views that show run-time information about the state of SQL Server.

    Please understand that sql 2005/2008 are great RDBMS but some of there features can not be enable without sacrificing server security. For example. HTTP Endpoints. Although it's a great feature of SQL 2005/SQL 2008 it does not make sense to open ports in a hosting environment and opening firewall ports in the network.
     
    JorgeR, Feb 7, 2009
    #6
  7. Exoss

    Exoss

    Take a look at the Microsoft documentation link in the original post. It's very clear on what permissions are required for what operations. In fact, I even asked for just a single permission that ought to be the only one I'm missing given my login has db_owner rights on the database.

    There's no need to guess at the rights.

    Sean
    Exoss
     
    Exoss, Feb 7, 2009
    #7
  8. Bruce

    Bruce DiscountASP.NET Staff

    i never seen this error before. i'll ask our dba to take a peek at it.
     
    Bruce, Feb 7, 2009
    #8
  9. JorgeR

    JorgeR DiscountASP.NET Staff

    Exoss
    We believe that a our hosting customers do not require server level DMVs that can potentially disclose customers information. For example, been able to run a query that gathers all the spids that are running in the SQL server engine and then exposing the command (the sql text) it was executing in detail. Hosted Application users should not need server level DMV's like sys.dm_io_pending_io_requests, sys.dm_exec_query_optimizer_info, etc. WE understand that the application may not requested such DMV's mentioned on this thread but it still uses a DMV that needs view server state permission. I have not tested the application myself, but from reading in posts and the link that you sent regarding the permissions, the permission is needed to view database encryption keys). . In fact, this is also one of Microsoft's best practices in a hosting environment
     
    JorgeR, Feb 8, 2009
    #9
  10. Exoss

    Exoss

    It's more than likely that you can be more granular with thepermissions than even the article says. All we need to do is identify the exact dmv's needed and determine whether those pose any security risk that you're concerned with. So one of the following may work:
    • I can identify the *exact* permissions needed by emulating this situation in my development environment
    • You can identify the *exact* permissions needed by actually testing this within your environment
    • Contact Microsoft and ask them exactly what's needed and why


    If we were able to get the appropriate information, would you folks be willing to make the security changes assuming they are reasonable?


    Sean


    Exoss
     
    Exoss, Feb 8, 2009
    #10
  11. Bruce

    Bruce DiscountASP.NET Staff

    I don't think we will be relaxing this setting mainly because of the demand for this tool. We host over 10000 SQL databases and this is the 1st time I've heard of people trying to use this tool.

    There are many other different ways to deploy your databases

    1) Use the Attach / Restore tool in the control panel
    2) Use SQL Publishing wizard.

    http://blogs.msdn.com/webdevtools/a...ing-wizard-is-now-in-visual-studio-orcas.aspx

    3) Script your database and execute the script.
     
    Bruce, Feb 9, 2009
    #11
  12. Exoss

    Exoss

    As I said at the beginning, this is a disappointment. It would have been much more effective for all of us if you just honestly said: "We're not going to budge no matter what the reason."We've wasted my time and all of yours.
     
    Exoss, Feb 9, 2009
    #12
  13. mjp

    mjp

    The first sentence of the response in helpdesk was, "I am afraid we do not support this method of database deployment." You quoted it yourself. So I think suggesting that we have wasted your time is a bit specious. You came here to force the issue in public, so we dealt with it in public. Any time wasted on it is the result of your post.

    We get requests to add or change something several times a day. We have to base additions or changes on demand and/or necessity. It does not make sense from a business or server and network management standpoint to commit resources to implementing things that only a tiny number of our customers will use or benefit from. I'm sure you understand.

    There are certainly hosts that will add or change anything that you ask for. Just remember, hundreds of other users on the same server are doing the same thing. Seethe potential problems there? We have a couple of guys here in support who used to work fora host that did just that, and trust me, you would not want your site running on any of their servers.

    Sorry we can't meet your needs in this case.
     
    mjp, Feb 19, 2009
    #13
  14. datersmarke

    datersmarke

    I am a new customer that just signed up for new hosting with a new database and I am not impressed with the quote from discountasp.net staff... "It does not make sense from a business or server and network management standpoint to commit resources to implementing things that only a tiny number of our customers will use or benefit from. I'm sure you understand."

    WOW! I can't believe that! I will not be renewing my contract.
     
    datersmarke, Jan 8, 2010
    #14
  15. mjp

    mjp

    Which part can't you believe, exactly? I thought it made perfect sense, but I am biased.
     
    mjp, Jan 8, 2010
    #15
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page