Wednesday, March 28, 2012

pdf ifilter sp_fulltext_service settings dilemma

I've read Mr. Cotter's article on full-text search and, as with several other
folks, he mentions the use of the following commands to allow the Adobe PDF
iFilter to be used.

exec sp_fulltext_service 'load_os_resources', 1;
exec sp_fulltext_service 'verify_signature', 0;

This works fine. However, a few articles I've read suggest that after you
have added the iFilter, you should restore these less secure values back to

exec sp_fulltext_service 'load_os_resources', 0;
exec sp_fulltext_service 'verify_signature', 1;

Because I want to keep my SQL Server secure, I have run these statements.
However, after stopping and starting SQL Server or rebooting, the PDF iFilter
is no longer available to SQL Server full-text search. Therefore, no new
PDFs are indexed. Is this the expected behavior? If so, what good is it to
restore the values if you can't index new documents? On the other hand, how
can you justify the security risk by not restoring the values to their more
secure state? Am I missing something here?
|||Can you direct me to the articles which suggest you can re-enable the
verification of the signatures? My understanding is that these signatures
are verified each time SQL Server or MSFTESQL starts. This is the suggested
behavior.
The danger is that one of the iFilters you load could be a victim of a
buffer overflow or another exploit. While the risk of this happening is
real, it is really quite unlikely.
--
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"Dlorbecki" <Dlorbecki@.discussions.microsoft.com> wrote in message
news:DCB580BC-BAC1-47EB-A2A0-F67958DEA29E@.microsoft.com...
> I've read Mr. Cotter's article on full-text search and, as with several
> other folks, he mentions the use of the following commands to allow the
> Adobe PDF iFilter to be used.
>
> exec sp_fulltext_service 'load_os_resources', 1;
> exec sp_fulltext_service 'verify_signature', 0;
>
> This works fine. However, a few articles I've read suggest that after you
> have added the iFilter, you should restore these less secure values back to
>
> exec sp_fulltext_service 'load_os_resources', 0;
> exec sp_fulltext_service 'verify_signature', 1;
>
> Because I want to keep my SQL Server secure, I have run these statements.
> However, after stopping and starting SQL Server or rebooting, the PDF
> iFilter is no longer available to SQL Server full-text search. Therefore,
> no new PDFs are indexed. Is this the expected behavior? If so, what good
> is it to restore the values if you can't index new documents? On the other
> hand, how can you justify the security risk by not restoring the values to
> their more secure state? Am I missing something here?
|||Here's one link:
http://activeobjects.blogspot.com/2006/01/sharepoint-services-sql-2005-and-pdf.html
Are you saying not to run the latter two commands? My experience is that
after you do, the pdf ifilter does not function for new documents. However,
then you have the dilemma of the security hole.
"Hilary Cotter" wrote:

> Can you direct me to the articles which suggest you can re-enable the
> verification of the signatures? My understanding is that these signatures
> are verified each time SQL Server or MSFTESQL starts. This is the suggested
> behavior.
> The danger is that one of the iFilters you load could be a victim of a
> buffer overflow or another exploit. While the risk of this happening is
> real, it is really quite unlikely.
> --
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602.html
> Looking for a FAQ on Indexing Services/SQL FTS
> http://www.indexserverfaq.com
> "Dlorbecki" <Dlorbecki@.discussions.microsoft.com> wrote in message
> news:DCB580BC-BAC1-47EB-A2A0-F67958DEA29E@.microsoft.com...
>
>
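An added example, not part of any post in this thread: a T-SQL check to run after a service restart that reports the two sp_fulltext_service settings discussed above and whether a .pdf filter is currently registered with full-text search. It assumes SQL Server 2005 or later, where FULLTEXTSERVICEPROPERTY and sys.fulltext_document_types are available; the assessment wording is illustrative.

```sql
-- Added example (not from the thread): audit the full-text settings discussed
-- above. Run it after restarting SQL Server / the full-text service.
-- Assumption: SQL Server 2005 or later.

DECLARE @load_os_resources int, @verify_signature int, @pdf_filters int;

-- Current values of the two options set through sp_fulltext_service
SELECT @load_os_resources = CAST(FULLTEXTSERVICEPROPERTY('LoadOSResources') AS int),
       @verify_signature  = CAST(FULLTEXTSERVICEPROPERTY('VerifySignature') AS int);

-- Is any filter registered for the .pdf extension right now?
SELECT @pdf_filters = COUNT(*)
FROM sys.fulltext_document_types
WHERE document_type = '.pdf';

SELECT @load_os_resources AS load_os_resources,
       @verify_signature  AS verify_signature,
       @pdf_filters       AS pdf_filters_registered,
       CASE
           WHEN @pdf_filters = 0
               THEN 'No .pdf filter loaded: new PDF documents will not be indexed'
           WHEN @load_os_resources = 1 AND @verify_signature = 0
               THEN 'PDF filter loaded; OS-registered and unsigned components are allowed'
           ELSE 'PDF filter loaded with the current settings'
       END AS assessment;

-- Show which binary backs the .pdf filter so it can be compared with the
-- file the vendor's installer is expected to have placed on the server.
SELECT document_type, path, version, manufacturer
FROM sys.fulltext_document_types
WHERE document_type = '.pdf';
```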