Solved

Why install SQL binaries on another drive

Posted on 2013-05-10
Last Modified: 2013-05-10
I know it's best practice to install SQL binaries on a non-system drive, but (the ugly truth), I don't know why. A client asked me and I'm er, uh...just because....

So why should SQL binaries be installed on a drive other than the OS as a best practice? Google isn't giving up much.
0
Question by:barnesco
5 Comments
 
LVL 8

Expert Comment

by:didnthaveaname
ID: 39155481
I'm not going to lie - I always install the binaries on the system drive. I believe the TempDB (all system DBs, for that matter) installs wherever the DBE is installed by default, which can be problematic if it expands to a point where it brings your drive down. Beyond the concern of OS I/O causing disk contention that would impact SQL disk throughput, and the previously mentioned reason, I can't think of anything else. Data and log files go on their own separate drives, definitely.
0
 
LVL 18

Accepted Solution

by:Cluskitt
Cluskitt earned 250 total points
ID: 39155511
One of the reasons is probably because the system drive is being read lots of times for the normal OS functioning. Having the DB on the same drive will cause SQL to compete for IO bandwidth with the OS (which has a higher priority), causing SQL related operations to lag on occasion.
0
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 39155641
The primary reason is security. If a vulnerability exists in your code (inadequate input validation) an attacker could exploit that condition via SQL injection and use path traversal to run local processes (such as the command interpreter in Windows), for example. If you're installing these binaries on your OS drive, an attacker needs only fingerprint your OS (IIS headers are revealing) to infer your OS paths and binaries... for example: ..\..\..\..\..\..\..\..\windows\system32\cmd.exe /c echo 0wned by G>>c:\apache\htdocs\index.php

Clearly this attack above couldn't be done if the process was running from another drive (X:), as the Windows directory won't exist off the root of X:, nor will the command interpreter.

An additional layer of security would be to explicitly deny all access to your OS binaries (execute, append, delete, etc.) from the restricted accounts used to run your webserver, interpreter, and SQL server processes.  You are using restricted accounts to run these processes, right? :-)

See http://www.blackhat.com/presentations/bh-europe-09/Guimaraes/Blackhat-europe-09-Damele-SQLInjection-slides.pdf
0
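An audit of the two hardening points raised in the answer above (which drive the service binaries run from, and whether the service accounts are restricted and explicitly denied execute on an OS binary), as an added example that is not part of the original thread. The service names MSSQLSERVER (default SQL Server instance) and W3SVC (IIS) and the choice of cmd.exe as the binary to inspect are assumptions; adjust them for named instances or other web servers.

```powershell
# Added example (not from the thread). Default service names are assumptions:
# MSSQLSERVER = default SQL Server instance, W3SVC = IIS.
param(
    [string[]]$ServiceName = @('MSSQLSERVER', 'W3SVC'),
    [string]$OsBinary = (Join-Path $env:SystemRoot 'System32\cmd.exe')
)

$execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$acl     = Get-Acl -LiteralPath $OsBinary

foreach ($name in $ServiceName) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "Service '$name' not found"; continue }

    # PathName may be quoted and carry arguments; only the drive letter is needed.
    $drive = if ($svc.PathName -match '^\s*"?([A-Za-z]:)') { $Matches[1] } else { '?' }

    # Normalise '.\user' to 'COMPUTER\user' so it can match ACL identities.
    $account  = $svc.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
    $isSystem = $account -in @('LocalSystem', 'NT AUTHORITY\SYSTEM')

    # Explicit deny entries that name this account and cover execute.
    # Denies applied through a group the account belongs to are not resolved here.
    $denied = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $account -and
        (($_.FileSystemRights -band $execute) -eq $execute)
    }

    [pscustomobject]@{
        Service           = $svc.Name
        RunsAs            = $account
        RunsAsLocalSystem = $isSystem
        BinaryDrive       = $drive
        OnSystemDrive     = ($drive -eq $env:SystemDrive)
        ExecuteDenied     = [bool]$denied
    }
}
```

A row with RunsAsLocalSystem set to True, or with OnSystemDrive True and ExecuteDenied False, is the configuration the answer warns about.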
 

Author Closing Comment

by:barnesco
ID: 39155911
The two answers above make perfect sense. Thanks.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 39155943
It might be a technicality, but I think the correct answer should be awarded to x66_x72_x65_x65 and mine should be only an assist. I feel his/hers is more accurate.
0
