Chapter 1 Securing Your Server and Network (13): Configuring Endpoint Security

原文出处：http://blog.csdn.net/dba_huangzj/article/details/38489765，专题目录：http://blog.csdn.net/dba_huangzj/article/details/37906349

No person shall, without the consent of the author, publish in the form of "original" or be used for commercial purposes without any liability.

Last article: http://blog.csdn.net/dba_huangzj/article/details/38438363

Preface:

SQL Server Endpoints (Endpoint) are portals to and from SQL Server, and anything can be transmitted between the network and SQL Server through endpoints. Endpoints can be system or user-defined, where the system endpoint allows T-SQL to connect to and send queries.

Endpoints use specific protocol definitions, which can be HTTP or TCP, and HTTP endpoints from SQL Server 2012 are removed from the built-in Web services functionality and only TCP endpoints can be used.

Custom endpoints are typically used for the purpose of: TCP requests. This article describes this, which can be used to establish a dedicated or secure SQL Server connection. Service Broker Database Mirroring Implementation:

1. Enter the following statement in the query window:

CREATE ENDPOINT mytsqlendpoint State 
= started 
as TCP ( 
  listener_port = 8080, 
  listener_ip = (127.0.0.1) c4/>) for 
TSQL ();

2. After execution, you will receive a message like this, which means that all logins connected through the default T-SQL endpoint will lose all permissions, and you will need to authorize the following statement:

GRANT CONNECT on Endpoint::[tsql Default TCP to [public];

News:

Creating a TSQL endpoint causes all the ' public ' connection permissions on the ' TSQL Default TCP ' endpoint to be revoked. If ' Public ' access is required on this endpoint, reapply this permission using ' GRANT CONNECT on Endpoint::[tsql Default TCP ' to [public] '.

3. You can use the following statement to query the endpoint situation:

SELECT * from sys.tcp_endpoints;

4. You can use the ALTER ENDPOINT command to start or stop an endpoint:

ALTER ENDPOINT [TSQL Default TCP] state = STOPPED;

principle:

When SQL Server is installed, the corresponding SQL Server system endpoint is created for each network protocol. The permissions for the access endpoint are given to the public server role. Each SQL Server login has the public role permission, which can be authorized and reclaimed through the following statement:

REVOKE CONNECT on Endpoint::[tsql Default TCP) to [public]; 
GRANT CONNECT on Endpoint::[tsql Default TCP] to [a_specific_login];

Next: http://blog.csdn.net/dba_huangzj/article/details/38656615