Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2005 Forums
 .NET Inside SQL Server (2005)
 Setting security permission as "UNSAFE" is OK ?

Author  Topic 

satyamamin
Starting Member

5 Posts

Posted - 2007-04-27 : 08:39:49
Hello,

I have implemented User-defined Functions in SQL Server 2005 with Managed Code. Inside Vistual Studio Project for SQL Server, there are three different levels of security, which are SAFE, EXTERNAL_ACCESS and UNSAFE. When I set EXTERNAL_ACCESS permission and try to send http web request using HttpWebRequest and HttpWebResponse classes in the .NET Framework, it throws me error message, but If I set to UNSAFE, it works fine. For that I have two Questions.

1) how to run my code with EXTERNAL_ACCESS permission ?
2) If I set UNSAFE permission, is it dangerous for any security issue ?

Looking forward to some help from you guys. Thanks in advance.

Cheers,
Satyam

jezemine
Master Smack Fu Yak Hacker

2886 Posts

Posted - 2007-04-27 : 09:47:57
when you import an assembly into sql server, sql server analyzes it to see what sort of methods you are using. If you are doing things in the assembly that sql server considers unsafe, like writing to the registry or file system, then it will force you to import the assembly as UNSAFE. it's sql's way of telling you "this assembly is doing crazy stuff, and you should think carefully before importing it. I can't vouch for what it's doing, so you better check the code carefully!"

sounds like you are fetching data from the web and sending data out as well. This would certainly be considered an unsafe action.

so unless you are 100% sure that the code in this assembly is 100% unharmful, DO NOT IMPORT IT.

NEVER import an assembly as unsafe that you get from a third party. If you do, you are potentially letting that third party broadcast your data over the internet, write arbitrary data to the registry or filesystem, or worse.

read this: http://msdn2.microsoft.com/en-us/library/ms189566.aspx


www.elsasoft.org
Go to Top of Page

satyamamin
Starting Member

5 Posts

Posted - 2007-04-27 : 11:53:21
THANKS FOR UR REPLY. Will feedback you after studying it carefully.
Go to Top of Page
   

- Advertisement -