Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Why install SQL binaries on another drive

Posted on 2013-05-10
5
Medium Priority
?
563 Views
Last Modified: 2013-05-10
I know it's best practices to install SQL binaries on a non-system drive, but (the ugly truth), I don't know why. A client asked me and I'm er, uh...just because....

So why should SQL binaries be installed on a drive other than the OS as best practices? Google isn't giving up much.
0
Comment
Question by:barnesco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 8

Expert Comment

by:didnthaveaname
ID: 39155481
I'm not going to lie - I always install the binaries on the system drive.  I believe the TempDB (all system DBs, for that matter) installs wherever the DBE is installed by default, which can be problematic if it expands to a point where it brings your drive down.  Beyond the concern that OS I/O causing disk contention that would impact SQL disk throughput, and the previously mentioned reason, I can't think of anything else.  Data and log files go on there own separate drives, definitely.
0
 
LVL 18

Accepted Solution

by:
Cluskitt earned 1000 total points
ID: 39155511
One of the reasons is probably because the system drive is being read lots of times for the normal OS functioning. Having the DB on the same drive will cause SQL to compete for IO bandwidth with the OS (which has a higher priority), causing SQL related operations to lag on occasion.
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 1000 total points
ID: 39155641
The primary reason is security.  If a vulnerability exists in your code (inadequate input validation) an attacker could exploit that condition via SQL injection and use path traversal to run local processes (such as the command interpreter in Windows), for example.  If your installing these binaries on your OS drive, an attacker needs only fingerprint your OS (IIS headers are revealing) to infer your OS paths and binaries... for example: ..\..\..\..\..\..\..\..\windows\system32\cmd.exe /c echo 0wned by G>>c:\apache\htdocs\index.php

Clearly this attack above couldn't be done if the process was running from another drive (X:), as the Windows directory won't exist off the root of X:, nor will the command interpreter.

An additional layer of security would be to explicitly deny all access to your OS binaries (execute, append, delete, etc.) from the restricted accounts used to run your webserver, interpreter, and SQL server processes.  You are using restricted accounts to run these processes, right? :-)

See http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-slides.pdf
0
 

Author Closing Comment

by:barnesco
ID: 39155911
The two answers above make perfect sense. Thanks.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 39155943
It might be a technicality, but I think the correct answer should be awarded to x66_x72_x65_x65 and mine should be only an assist. I feel his/hers is more accurate.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to connect from SSMS v17.x to a SQL Server Integration Services 2016 instance or previous version, you get the error “Connecting to the Integration Services service on the computer failed with the following error: 'The specified service …
Ready to get certified? Check out some courses that help you prepare for third-party exams.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question