Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
satyamamin
Starting Member
5 Posts |
Posted - 2007-04-27 : 08:39:49
|
Hello,I have implemented User-defined Functions in SQL Server 2005 with Managed Code. Inside Vistual Studio Project for SQL Server, there are three different levels of security, which are SAFE, EXTERNAL_ACCESS and UNSAFE. When I set EXTERNAL_ACCESS permission and try to send http web request using HttpWebRequest and HttpWebResponse classes in the .NET Framework, it throws me error message, but If I set to UNSAFE, it works fine. For that I have two Questions. 1) how to run my code with EXTERNAL_ACCESS permission ?2) If I set UNSAFE permission, is it dangerous for any security issue ?Looking forward to some help from you guys. Thanks in advance.Cheers,Satyam |
|
jezemine
Master Smack Fu Yak Hacker
2886 Posts |
Posted - 2007-04-27 : 09:47:57
|
when you import an assembly into sql server, sql server analyzes it to see what sort of methods you are using. If you are doing things in the assembly that sql server considers unsafe, like writing to the registry or file system, then it will force you to import the assembly as UNSAFE. it's sql's way of telling you "this assembly is doing crazy stuff, and you should think carefully before importing it. I can't vouch for what it's doing, so you better check the code carefully!"sounds like you are fetching data from the web and sending data out as well. This would certainly be considered an unsafe action.so unless you are 100% sure that the code in this assembly is 100% unharmful, DO NOT IMPORT IT.NEVER import an assembly as unsafe that you get from a third party. If you do, you are potentially letting that third party broadcast your data over the internet, write arbitrary data to the registry or filesystem, or worse.read this: http://msdn2.microsoft.com/en-us/library/ms189566.aspx www.elsasoft.org |
 |
|
satyamamin
Starting Member
5 Posts |
Posted - 2007-04-27 : 11:53:21
|
THANKS FOR UR REPLY. Will feedback you after studying it carefully. |
 |
|
|
|
|
|
|