c# – 在SQL 2005中使用WITH PERMISSION_SET = UNSAFE进行程序集是不是很糟糕?

我需要使用SQLCLR来创建一个使用.NET 3.5中的东西的存储过程.如果我不使用PERMISSION_SET = UNSAFE,我不能这样做,它会死,并给我这个错误:

Deploy error SQL01268: .Net SqlClient
Data Provider: Msg 6503, Level 16, State 12, Line 1
Assembly ‘system.core, version=3.5.0.0, culture=neutral, publickeytoken=b77a5c561934e089.’ was not found in the SQL catalog.
An error occurred while the batch was being executed.

所以我找到了这篇文章:

http://weblogs.asp.net/paulomorgado/archive/2009/06/13/playing-with-sql-server-clr-integration-part-iv-deploying-to-sql-server-2005.aspx

最后一行说明了这一点:

“Now the DBAs won’t definitely let me use this, but it was fun to build it.”

我不确定他是否将权限设置为“不安全”.

那么,如果你这样做,会发生一些巨大的漏洞吗?

最佳答案 有三种不同的permission_set选项可以限制程序集的功能

安全 – 将程序集限制为托管代码

EXTERNAL_ACCESS – 允许访问文件,网络资源等.

UNSAFE – 不受限制的访问 – 包括执行非托管代码

MSDN文档提供以下指导

Specifying UNSAFE enables the code in the assembly complete freedom to perform operations in the SQL Server process space that can potentially compromise the robustness of SQL Server. UNSAFE assemblies can also potentially subvert the security system of either SQL Server or the common language runtime. UNSAFE permissions should be granted only to highly trusted assemblies.

如果你的程序集只使用.NET 3.5的功能,我不明白为什么它需要UNSAFE访问.

您可能正在使用System.Core库中不允许的类型或成员之一.微软有这些列表. Disallowed Types and Members in System.Core.dll

这里有更多信息. Host Protection Attributes and CLR Integration Programming

点赞