+1-888-365-2779
Try Now
More in this section

Forums / Set-up & Installation / SQL Express on a Public Web Site. Bad Idea?

SQL Express on a Public Web Site. Bad Idea?

4 posts, 0 answered
  1. Jeff
    Jeff avatar
    124 posts
    Registered:
    05 Aug 2007
    04 Jun 2008
    Link to this post

    I'm trying to get up to speed on SQL Express and came up with a potential showstopper for my project: I'm reading that MS doesn't recommend SQL Express in a production environment.

    The particular concern is that the ASPNET process needs to run as an Administrator. I certainly haven't done that in my development environment and Sitefinity seems to run fine.

    Anyone have any thoughts? I may just stick with MySQL as the full blown MS SQL isn't in my budget. Thankfully, this is an option in Sitefinity.



    From MSDN:

    SQL Server Express Edition

    When a process attaches to a SQL Server Express Edition database (.mdf file), the process must have administrative permissions. In general, this makes SQL Server Express Edition databases impractical for production Web sites because the ASP.NET process does not (and should not) run with administrative privileges. Therefore, use SQL Server Express Edition databases only under the following circumstances:

    • Use as a test database while developing your Web application. When you are ready to deploy your application, you can transfer the database from SQL Server Express Edition to a production instance of SQL Server.

    • Use if you are running a Web site that can use impersonation and you can control the privileges of the impersonated user. In practice, this strategy is practical only if the application is running on a local area network (not a public Web site).

    • Store the .mdf file in your site's App_Data folder, because the contents of the folder will not be returned to direct HTTP requests. You should also map the .mdf extension to ASP.NET in IIS and to the HttpForbiddenHandler handler in ASP.NET using the following element in the site's Web.config file:

  2. Bob
    Bob avatar
    330 posts
    Registered:
    24 Sep 2012
    06 Jun 2008
    Link to this post
    Hi Jeff,

    SQL Express requires the ASP.Net process to have write permissions for the folder where the .mdf and .ldf files reside. The third point states that you are safe as long as you keep the .mdf file in the ~/App_Data folder. This is the place where Sitefinity puts SQL Express files by default.

    Of course, you are free to use MySQL if you prefer.

    Regards,
    Bob
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Jeff
    Jeff avatar
    124 posts
    Registered:
    05 Aug 2007
    07 Jun 2008
    Link to this post
    Thanks Bob. That makes sense to me.

    That brings me to another question: What if I use SQL authentication instead of Windows? Could I then remove the ASPNET user from the mdf and ldf files?

    That's how I'm running it right now and I haven't run into any problems.
  4. Nikifor
    Nikifor avatar
    232 posts
    Registered:
    18 May 2013
    10 Jun 2008
    Link to this post
    Hello Jeff,

    As long as you use SQL Server or MySQL it is not necessary to have full permissions on the .mdf and .ldf files of your project. The only must is that the account under which you are accessing the database, should have db_owner permissions on the database.

    Kind regards,
    Nikifor
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
Register for webinar
4 posts, 0 answered