SQL Server 2008: HTTP ENDPOINTS AND AD HOC QUERYING

The BATCHES option is powerful, but it should be used with care. Any time you allow ad hoc querying of your database, you should carefully consider the security ramifications. I would advise against allowing ad hoc querying over HTTP SOAP endpoints unless you have a compelling reason. Even then, you should perform a very thorough security review to ensure that no unauthorized access to your database is allowed and that users cannot execute destructive ad hoc T-SQL code on your server.
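
One way to start the security review described above, as an added example that is not from the original post: the T-SQL below lists every SOAP endpoint with its BATCHES setting and HTTP transport and authentication options, then shows which principals hold permissions on endpoints that accept ad hoc batches. The endpoint name in the final, commented-out statement is a placeholder.

```sql
-- Added example: audit HTTP SOAP endpoints for ad hoc batch exposure.

-- 1. Every SOAP endpoint, with BATCHES-enabled endpoints listed first.
--    is_sql_language_enabled = 1 means BATCHES = ENABLED.
SELECT  s.name                    AS endpoint_name,
        s.state_desc              AS endpoint_state,
        s.is_sql_language_enabled AS batches_enabled,
        s.default_database,
        s.login_type,             -- WINDOWS or MIXED
        h.url_path,
        h.is_clear_port_enabled,  -- 1 = plain HTTP is accepted
        h.is_ssl_port_enabled,
        h.is_anonymous_enabled,
        h.is_basic_auth_enabled
FROM    sys.soap_endpoints AS s
JOIN    sys.http_endpoints AS h
        ON h.endpoint_id = s.endpoint_id
ORDER BY s.is_sql_language_enabled DESC, s.name;

-- 2. Principals holding permissions (for example CONNECT) on endpoints
--    that accept ad hoc batches. Class 105 is the ENDPOINT securable class.
SELECT  s.name             AS endpoint_name,
        p.name             AS grantee,
        p.type_desc        AS grantee_type,
        sp.permission_name,
        sp.state_desc      AS permission_state
FROM    sys.soap_endpoints     AS s
JOIN    sys.server_permissions AS sp
        ON sp.class = 105
       AND sp.major_id = s.endpoint_id
JOIN    sys.server_principals  AS p
        ON p.principal_id = sp.grantee_principal_id
WHERE   s.is_sql_language_enabled = 1
ORDER BY s.name, p.name;

-- 3. Turn ad hoc batches off on an endpoint that does not need them.
--    [YourSoapEndpoint] is a placeholder: substitute a name returned by
--    query 1, then uncomment.
-- ALTER ENDPOINT [YourSoapEndpoint] FOR SOAP (BATCHES = DISABLED);
```

Rows from the first query that combine `batches_enabled = 1` with a clear port, anonymous access or basic authentication deserve the closest attention in the review.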