Solved

Why install SQL binaries on another drive

Posted on 2013-05-10
5
495 Views
Last Modified: 2013-05-10
I know it's best practices to install SQL binaries on a non-system drive, but (the ugly truth), I don't know why. A client asked me and I'm er, uh...just because....

So why should SQL binaries be installed on a drive other than the OS as best practices? Google isn't giving up much.
Question by:barnesco
5 Comments
 
LVL 8

Expert Comment

by:didnthaveaname
ID: 39155481
I'm not going to lie - I always install the binaries on the system drive.  I believe the TempDB (all system DBs, for that matter) installs wherever the DBE is installed by default, which can be problematic if it expands to a point where it brings your drive down.  Beyond the concern that OS I/O causing disk contention would impact SQL disk throughput, and the previously mentioned reason, I can't think of anything else.  Data and log files go on their own separate drives, definitely.
 
LVL 18

Accepted Solution

by:
Cluskitt earned 250 total points
ID: 39155511
One of the reasons is probably because the system drive is being read lots of times for the normal OS functioning. Having the DB on the same drive will cause SQL to compete for IO bandwidth with the OS (which has a higher priority), causing SQL related operations to lag on occasion.
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 39155641
The primary reason is security.  If a vulnerability exists in your code (inadequate input validation) an attacker could exploit that condition via SQL injection and use path traversal to run local processes (such as the command interpreter in Windows), for example.  If you're installing these binaries on your OS drive, an attacker needs only fingerprint your OS (IIS headers are revealing) to infer your OS paths and binaries... for example: ..\..\..\..\..\..\..\..\windows\system32\cmd.exe /c echo 0wned by G>>c:\apache\htdocs\index.php

Clearly this attack above couldn't be done if the process was running from another drive (X:), as the Windows directory won't exist off the root of X:, nor will the command interpreter.

An additional layer of security would be to explicitly deny all access to your OS binaries (execute, append, delete, etc.) from the restricted accounts used to run your webserver, interpreter, and SQL server processes.  You are using restricted accounts to run these processes, right? :-)

See http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-slides.pdf
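The drive dependence of the traversal in the answer above, as an added example that is not part of the original thread: a small Python script that uses ntpath to resolve the same relative payload against a SQL Server binaries directory on C: and on X:, with a constructed inventory of files standing in for the real disks (the directory names are assumptions). A relative traversal is resolved against the drive of the working directory, so from X: it points at a path that does not exist. Note the caveat the script also shows: an absolute path such as C:\windows\system32\cmd.exe still resolves to C: from either drive, which is why the follow-up advice about denying the service accounts access to OS binaries matters. The is_within function is the generic guard an application should apply to any user-supplied path before touching the file system.

```python
import ntpath

# Constructed inventory of what "exists" on each drive. Illustrative only;
# these are not paths from the original thread.
EXISTING_FILES = {
    r"c:\windows\system32\cmd.exe",
    r"c:\program files\microsoft sql server\mssql\binn\sqlservr.exe",
    r"x:\mssql\binn\sqlservr.exe",
}

# Assumed install locations for the two layouts discussed in the thread.
BINN_ON_C = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn"
BINN_ON_X = r"X:\MSSQL\Binn"

# The relative traversal payload shape from the answer above (the command
# line after cmd.exe is irrelevant to path resolution and is omitted).
TRAVERSAL = "..\\..\\..\\..\\..\\..\\..\\..\\windows\\system32\\cmd.exe"


def resolve(cwd: str, candidate: str) -> str:
    """Resolve a user-supplied Windows path the way the OS would.

    Relative paths are joined to the working directory and '..' components
    are collapsed; surplus '..' at the drive root are discarded, not carried
    onto another drive. An absolute path with its own drive letter replaces
    the working directory's drive entirely.
    """
    return ntpath.normpath(ntpath.join(cwd, candidate))


def reachable(cwd: str, candidate: str) -> bool:
    """Does the resolved path name a file in the constructed inventory?"""
    return ntpath.normcase(resolve(cwd, candidate)) in EXISTING_FILES


def is_within(base: str, path: str) -> bool:
    """Generic traversal guard: reject a path unless it resolves inside base.

    Comparison is done on normalised, lower-cased paths with a trailing
    separator on the base so that 'X:\\MSSQL\\Binn2' does not match
    'X:\\MSSQL\\Binn'. Drive letters are compared as part of the prefix, so a
    path on another drive is never 'within' the base.
    """
    base_n = ntpath.normcase(ntpath.normpath(base)).rstrip("\\") + "\\"
    target = ntpath.normcase(ntpath.normpath(path))
    return target.startswith(base_n)


def validate_user_path(base: str, candidate: str) -> str:
    """Resolve candidate against base and raise if it escapes the base."""
    resolved = resolve(base, candidate)
    if not is_within(base, resolved):
        raise ValueError(f"path traversal rejected: {candidate!r} -> {resolved}")
    return resolved


if __name__ == "__main__":
    for cwd in (BINN_ON_C, BINN_ON_X):
        for candidate in (TRAVERSAL, r"C:\windows\system32\cmd.exe"):
            print(f"{cwd} + {candidate}")
            print(f"  -> {resolve(cwd, candidate)}  exists={reachable(cwd, candidate)}")
    try:
        validate_user_path(BINN_ON_X, TRAVERSAL)
    except ValueError as exc:
        print(exc)
```

Run with any Python 3 on any platform; ntpath implements Windows path semantics without needing Windows. The interesting rows of the output are the relative payload from X: (resolves to X:\windows\system32\cmd.exe, which does not exist) and the absolute path from X: (resolves to C:\windows\system32\cmd.exe regardless of the working drive).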
 

Author Closing Comment

by:barnesco
ID: 39155911
The two answers above make perfect sense. Thanks.
 
LVL 18

Expert Comment

by:Cluskitt
ID: 39155943
It might be a technicality, but I think the correct answer should be awarded to x66_x72_x65_x65 and mine should be only an assist. I feel his/hers is more accurate.