禁用在 SQLCLR 上运行的代码中键入
最近,我成功地让 Razor 解析器在 .NET 3.5 下工作并由 SQL Server 2008 托管。目前,这实际上只是一个实验,看看什么是可行的。这是有效的,包括动态编译剃刀模板程序集,然后将其加载到 AppDomain 中(这是一项任务! )。
因为 SQLCLR 不允许您在任何 SQLCLR 托管代码中使用 Assembly.Load(),即使使用 PERMISSION_SET = UNSAFE 也是如此。我的解决方法是使用 sp_executesql 编译后直接注册程序集,我构建了 CREATE ASSEMBLY 语句。当我动态渲染这些模板程序集时,我使用 PERMISSION_SET = SAFE 来执行此操作,以确保它们不会执行安全程序集允许范围之外的任何操作。
现在棘手的部分是,这些剃刀模板在连接的用户的上下文中运行,因此它们可以访问数据库,例如,在我的模板中,我可以这样做:
@import System.Data.SqlClient
@{
using (var conn = new SqlConnection("Context Connection = true"))
{
conn.Open();
// Execute something against the database
}
}
PERMISSION_SET = SAFE 将允许这样做,因为这是 SQLCLR 存在的原因之一,但在这些模板程序集中,我想引入一些额外的安全性,以防止用户对数据库执行任何操作。
有谁知道禁用类型的方法,例如 SqlConnection 或 SqlCommand,也许使用代码访问安全性或其他方法?
Recently I've managed to get the Razor parser working under .NET 3.5 and hosted by SQL Server 2008. At the moment, it's really just an experiment to see what is feasible. This is working, including dynamic compilation of razor template assemblies which are then loaded into the AppDomain (that was a mission!).
Because SQLCLR does not allow you to use Assembly.Load() in any SQLCLR hosted code, even with PERMISSION_SET = UNSAFE. My workaround for this is to register the assembly directly after compilation using sp_executesql which I build the CREATE ASSEMBLY statement. When I dynamically render these template assemblies, I do so with PERMISSION_SET = SAFE to ensure they don't do anything outside what is permitted for safe assemblies.
Now the tricky part is, these razor templates are running in the context of the connected user, so they have access to the database, e.g., in my template, I could do:
@import System.Data.SqlClient
@{
using (var conn = new SqlConnection("Context Connection = true"))
{
conn.Open();
// Execute something against the database
}
}
PERMISSION_SET = SAFE will allow for this, as that is one of the reasons SQLCLR even exists, but in these template assemblies I want to introduce some additional security that would allow me to prevent users from executing anything against the database.
Does anyone know of a way to disable types, such as SqlConnection or SqlCommand, perhaps using Code Access Security or another method?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
SqlClientPermission可用于阻止使用SqlConnection。SqlClientPermissioncan be used to prevent use ofSqlConnection.