Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / Other Technologies / Full-Text Search / June 2007

Tip: Looking for answers? Try searching our database.

pdf ifilter sp_fulltext_service settings dilemma

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Dlorbecki - 05 Jun 2007 21:41 GMT
I've read Mr. Cotter's article on full-text search and as with several other
folks, he mentions the use of the following commands to allow the adobe pdf
ifilter to be used.

exec sp_fulltext_service 'load_os_resources', 1;
exec sp_fulltext_service 'verify_signature', 0;

This works fine.  However, a few articles I've read suggest that after you
have added the ifilter, you should restore these less secure values back to

exec sp_fulltext_service 'load_os_resources', 0;
exec sp_fulltext_service 'verify_signature', 1;

Because I want to keep my SQL Server secure, I have run these statements.  
However after stopping and starting SQL Server or rebooting, the pdf ifilter
is no longer available to SQL Server full text search.  Therefore, no new
pdf's are indexed.  Is this the expected behavior?  If so, What good is it to
restore the values if you can't index new documents.  On the other hand, how
can you justify the security risk by not restoring the values to their more
secure state?  Am I missing something here?
Reply to this Message
Hilary Cotter - 06 Jun 2007 12:07 GMT
Can you direct me to the articles which suggest you can re-enable the
verification of the signatures. My understanding is that these signatures
are verified each time SQL Server or MSFTESQL starts. This is the suggested
behavior.

The danger is that one of the iFilters you load could be a victim of a
buffer overflow or another exploit . While the risk of this happening if
real it is really quite unlikely.

Signature

Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html

Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com

> I've read Mr. Cotter's article on full-text search and as with several
> other
[quoted text clipped - 23 lines]
> more
> secure state?  Am I missing something here?
Reply to this Message
Dlorbecki - 07 Jun 2007 20:37 GMT
Here's one link:

http://activeobjects.blogspot.com/2006/01/sharepoint-services-sql-2005-and-pdf.html

Are you saying not to run the latter two commands?  My experience is that
after you do, the pdf ifilter does not function for new documents.  However,
then you have the dilemma of the security hole.

> Can you direct me to the articles which suggest you can re-enable the
> verification of the signatures. My understanding is that these signatures
[quoted text clipped - 32 lines]
> > more
> > secure state?  Am I missing something here?
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.