"Using the CAS layer is a huge improvement over running extended stored
procedures under default login credentials..." (SQL Server 2005 Unleashed, p
1332)
Yes, this is wonderful, but in the context of my project, we would all be
quite satisfied to ignore all that and have the SQL CLR project's Visual
Basic code do just that: run under default login credentials, or inherit from
the user actually invoking the code.
Not really a security weakness, because those exact users are already doing
just that with 100+ ASPX pages.
Every step of the way, SQL or CAS or some other hyperactive security guard
pops up to deny us a few simple database tasks, and we need to "lower our
shields" and move forward.
Apparently there is a "full trust" classification for CLR, just as there is
for sysadmins within SSMS, i.e. you can do almost anything, bypassing almost
all security.
How do we do this, simply, and make it stick on the R&D machine, then
propagate to the production server?
(this may be a VS2008 issue, but that group keeps sending me here)

Charles Wang [MSFT] - 28 Jan 2008 07:32 GMT
Hi,
I understand that you would like to know if there is a full trust
classification for CLR so that you can freely run your SQL CLR project
without encountering security problems.
If I have misunderstood, please let me know.
From the article, "CLR Integration Security",
http://msdn2.microsoft.com/en-us/library/ms254940.aspx, we can find that
there are at least four levels of security factors you should consider. No
single setting can eliminate all of them; however, I think that your real
concern is for CAS and SQL Server Host Policy Level Permission Sets.
For CAS, though it is not recommended, you can turn it off via the caspol.exe
utility. For example:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727> caspol -s off
You may also refer to this article:
Troubleshooting common permissions and security-related issues in ASP.NET
http://support.microsoft.com/default.aspx?scid=kb;EN-US;910449
For SQL Server Host Policy Level Permission, the easiest way is to set your
database to trustworthy, which I have mentioned in your other post. You may
also refer to:
Creating an Assembly
http://msdn2.microsoft.com/en-us/library/ms345106.aspx
Please keep in mind that neither of the two methods is commonly
recommended. You may use the above suggestions only when you do not care
about the security risk.
Hope this helps. Please feel free to let me know if you have any other
questions or concerns. Have a nice day!
Best regards,
Charles Wang
Microsoft Online Community Support
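
An added T-SQL example, not part of the original posts: it audits where the TRUSTWORTHY flag and elevated assembly permission sets are already in use, then shows the database-wide setting from the reply beside the signed-assembly route for the same assembly. The database, assembly, key, login and file path names are hypothetical, and the DLL is assumed to be strong-name signed.

```sql
-- Added example; RnDDatabase, ClrProject, ClrProjectKey, ClrProjectLogin and
-- the DLL path are hypothetical names chosen for illustration.

-- 1. Audit: databases flagged TRUSTWORTHY and whether the owner is a sysadmin.
--    A TRUSTWORTHY database owned by a sysadmin lets code inside it act with
--    server-level rights, so each row here deserves a review.
--    (msdb is TRUSTWORTHY by default and is excluded.)
SELECT d.name,
       SUSER_SNAME(d.owner_sid) AS owner_login,
       IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid)) AS owner_is_sysadmin
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.name <> N'msdb';

-- 2. Audit: user assemblies in the current database running above SAFE.
SELECT a.name, a.permission_set_desc, a.create_date
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1
  AND a.permission_set_desc <> N'SAFE_ACCESS';
GO

-- 3. Database-wide setting described in the reply (left commented out):
--    every assembly in the database becomes eligible for elevated permissions.
-- ALTER DATABASE RnDDatabase SET TRUSTWORTHY ON;

-- 4. Narrower route: trust only the signed assembly.
--    The login created from the assembly's key carries the server permission,
--    so TRUSTWORTHY can stay OFF.
USE master;
CREATE ASYMMETRIC KEY ClrProjectKey
    FROM EXECUTABLE FILE = N'C:\build\ClrProject.dll';
CREATE LOGIN ClrProjectLogin FROM ASYMMETRIC KEY ClrProjectKey;
GRANT EXTERNAL ACCESS ASSEMBLY TO ClrProjectLogin;
GO

USE RnDDatabase;
CREATE ASSEMBLY ClrProject
    FROM N'C:\build\ClrProject.dll'
    WITH PERMISSION_SET = EXTERNAL_ACCESS;
GO
```

The same key, login and grant statements can be scripted and run on the production server, which keeps the R&D and production configurations aligned without changing a database-level flag.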