June 15, 2006 at 9:46 am
I'm researching SQLCLRs and trying to determining the does and the don'ts and wonder what other DBA's are doing in regards to SQLCLRs. I'm expecially interested in SQLCLRs that require "PERMISSION_SET = UNSAFE".
As a DBA I'm trying to develop some guideline as to what is acceptable when it comes to SQLCLRs. I'm trying to set some kind of process around developing and implementing SQLCLR's. I've decided I can't really say NO SQLCLRs, so what can I say.
I'm looking for help from the masses (you) on how to address SQLCLRs that require "PERMISSION_SET = UNSAFE". Below are 4 options options. Which option would you use in your shop???
Option 1: No SQLCLRs that require "PERMISSION_SET = UNSAFE" will be deployed.
Optoin 2: SQLCLRs that require "PERMISSION_SET = UNSAFE" will require a detailed code review prior being deployed.
Option 3: SQLCLRs that require "PERMISSION_SET = UNSAFE" are not allowed!!!!!!!!
Option 4: SQLCLRs that require "PERMISSION_SET = UNSAFE" will be deploy with no questions asked.
What option do you think would be REASONABLE?
I'm leaning toward Option 2, but am not exactly sure what we should be looking for in a code review.
If you where to go with Option 2, then what would be the key items to look for during the code review? What kinds of coding logic would be acceptable? Unacceptable?
Gregory A. Larsen, MVP
June 19, 2006 at 8:00 am
This was removed by the editor as SPAM
June 19, 2006 at 12:44 pm
I had a discussion on that on SQL Server User Group. The difference in CLR from 2005 CTP to 2005 Release is that CLR in Release can use Permission Set "EXTERNAL_ACCESS" to access files and other network resources if the Database property Trustworthy is set.
While I don't agree with the naming convention, (why would you call a database trustworthy if resources could be accesses?), I do agree that this is the better option then Unsafe. So I would recommend to Developers to explore and use EXTERNAL_ACCESS first. If this option can not be used for particular reason, then I would certainly use your selection #2 with Code Review.
Acceptable logic:
1. Ask the developers what part of code absolutely require UNSAFE versus EXTERNAL_ACCESS.
2. Tell them to spend another day researching different implementations.
3. If they can prove that they can not implement it without UNSAFE then ask them to submit a Risk Analysis document. Reading this document the review board will be able to decide if it is acceptable in your company accourding to your company policies.
Regards,Yelena Varsha
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply