在 SQL 2005 中对程序集使用 WITH PERMISSION_SET = UNSAFE 是否不好? [英] Is it bad to use WITH PERMISSION_SET = UNSAFE for an assembly in SQL 2005?

问题描述

我需要使用 SQLCLR 来创建一个使用 .NET 3.5 中的东西的存储过程.如果我不使用 PERMISSION_SET = UNSAFE 我做不到，它就会死掉并给我这个错误:

I need to use SQLCLR to make a stored procedure that uses stuff in .NET 3.5. If I don't use PERMISSION_SET = UNSAFE I can't do it, it will just die and give me this error:

部署错误 SQL01268:.Net SqlClient
数据提供者:消息 6503，级别 16，状态 12，第 1 行
程序集system.core，版本=3.5.0.0，文化=中性，publickeytoken=b77a5c561934e089."在 SQL 目录中未找到.
执行批处理时出错.

Deploy error SQL01268: .Net SqlClient
Data Provider: Msg 6503, Level 16, State 12, Line 1
Assembly 'system.core, version=3.5.0.0, culture=neutral, publickeytoken=b77a5c561934e089.' was not found in the SQL catalog.
An error occurred while the batch was being executed.

所以我找到了这篇文章:

So I found this article:

http://weblogs.asp.net/paulomorgado/archive/2009/06/13/playing-with-sql-server-clr-integration-part-iv-deploying-to-sql-server-2005.aspx

最后一行是这样写的:

现在 DBA 肯定不会让我使用它，但构建它很有趣."

"Now the DBAs won’t definitely let me use this, but it was fun to build it."

我不确定他是否指的是权限被设置为不安全".

I am not sure if he was referring to the permissions being set to "unsafe".

那么，如果你这样做，会不会出现一些巨大的漏洞?

So, can some huge gaping hole happen if you do this?

推荐答案

三个不同的 permission_set 选项限制了程序集可以做什么

There are three different permission_set options which restrict what the assembly can do

SAFE - 将程序集限制为托管代码

SAFE - Restricts the assembly to managed code

EXTERNAL_ACCESS - 允许访问文件、网络资源等.

EXTERNAL_ACCESS - allows access to files, network resources, etc..

UNSAFE - 无限制访问 - 包括非托管代码的执行

UNSAFE - Unrestricted access - including the execution of non-managed code

MSDN 文档提供以下指导

指定 UNSAFE 可使程序集中的代码完全自由地在 SQL Server 进程空间中执行操作，这可能会损害 SQL Server 的稳健性.UNSAFE 程序集还可能破坏 SQL Server 或公共语言运行时的安全系统.UNSAFE 权限应仅授予高度受信任的程序集.

Specifying UNSAFE enables the code in the assembly complete freedom to perform operations in the SQL Server process space that can potentially compromise the robustness of SQL Server. UNSAFE assemblies can also potentially subvert the security system of either SQL Server or the common language runtime. UNSAFE permissions should be granted only to highly trusted assemblies.

如果您的程序集仅使用 .NET 3.5 的功能，我不明白为什么它需要 UNSAFE 访问权限.

If your assembly only uses features of .NET 3.5, i don't see why it would need UNSAFE access.

您可能正在使用 System.Core 库中不允许使用的类型或成员之一.微软有一个列表.System.Core.dll 中不允许的类型和成员

It's possible you are using one of the types or members disallowed from the System.Core library. Microsoft has a list of these. Disallowed Types and Members in System.Core.dll

这里有更多信息.主机保护属性和 CLR 集成编程

这篇关于在 SQL 2005 中对程序集使用 WITH PERMISSION_SET = UNSAFE 是否不好?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！