Skip to content

Latest commit

 

History

History
58 lines (44 loc) · 4.09 KB

clr-strict-security.md

File metadata and controls

58 lines (44 loc) · 4.09 KB
Raw
title description author ms.author ms.date ms.service ms.subservice ms.topic f1_keywords helpviewer_keywords
CLR strict security
Learn to configure common language runtime (CLR) strict security in SQL Server. Control the interpretation of the SAFE, EXTERNAL ACCESS, and UNSAFE permissions.
rwestMSFT
randolphwest
06/20/2017
sql
configuration
conceptual
clr strict security
clr_strict_security_TSQL
strict_security_TSQL
assemblies [CLR integration], strick security
clr strict security option

CLR strict security

[!INCLUDE SQL Server]

Controls the interpretation of the SAFE, EXTERNAL ACCESS, UNSAFE permission in [!INCLUDEssNoVersion].

Value Description
0 Disabled - Provided for backwards compatibility. Disabled value is not recommended.
1 Enabled - Causes the [!INCLUDEssde-md] to ignore the PERMISSION_SET information on the assemblies, and always interpret them as UNSAFE. Enabled is the default value, starting with [!INCLUDEsssql17].

Warning

CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. Beginning with [!INCLUDEsssql17], an sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. clr strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. The clr strict security option can be disabled for backward compatibility, but this is not recommended. Microsoft recommends that all assemblies be signed by a certificate or asymmetric key with a corresponding login that has been granted UNSAFE ASSEMBLY permission in the master database. [!INCLUDEssNoVersion] administrators can also add assemblies to a list of assemblies, which the Database Engine should trust. For more information, see sys.sp_add_trusted_assembly.

Remarks

When enabled, the PERMISSION_SET option in the CREATE ASSEMBLY and ALTER ASSEMBLY statements is ignored at run-time, but the PERMISSION_SET options are preserved in metadata. Ignoring the option, minimizes breaking existing code statements.

CLR strict security is an advanced option.

Important

After enabling strict security, any assemblies that are not signed will fail to load. You must either alter or drop and recreate each assembly so that it is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY permission on the server.

Permissions

To change this option

Requires CONTROL SERVER permission, or membership in the sysadmin fixed server role.

To create an CLR assembly

The following permissions required to create a CLR assembly when CLR strict security is enabled:

  • The user must have the CREATE ASSEMBLY permission
  • And one of the following conditions must also be true:
    • The assembly is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY permission on the server. Signing the assembly is recommended.
    • The database has the TRUSTWORTHY property set to ON, and the database is owned by a login that has the UNSAFE ASSEMBLY permission on the server. This option is not recommended.

See Also

Server Configuration Options (SQL Server)
sp_configure (Transact-SQL)
clr enabled Server Configuration Option