堆栈内存溢出
  简体   繁体   English

我是否需要SQL Server db_ddladmin权限才能实现实体框架代码优先,这是一个安全问题吗?

[英]Do I need SQL Server db_ddladmin rights for a Entity Framework Code-First Approach and is it a security issue?

 原文  2014-12-03 11:22:24       c#/ asp.net/ sql-server/ entity-framework/ rights-management

问题描述

we have an external project that has been developed using C# & Entity Framework 6 Code First together with SQL Server 2014. It has a web site and a wcf service. 我们有一个外部项目,它使用C#和Entity Framework 6 Code First与SQL Server 2014一起开发。它有一个网站和一个wcf服务。

Now, for deployment the project-contractor stated that the IIS APPOOL user under which the web site runs will need membership to db_datareader, db_datawriter and db_ddladmin for it to work and indeed without giving those rights it did not work. 现在,对于部署,项目承包商声明运行网站的IIS APPOOL用户需要成员资格db_datareader,db_datawriter和db_ddladmin才能使用它,并且实际上没有赋予它们不起作用的权限。

I have certain problems with that because without being a SQL-Guru I feel that a deployment should not need db_ddladmin rights while the contractor says thats perfectly normal with EF Code First and does not see a problem. 我有一些问题因为没有成为SQL-Guru我觉得部署不应该需要db_ddladmin权限,而承包商说这与EF Code First完全正常并且没有看到问题。 A search on the net also seems to reveal that those rights can be problematic ( http://akawn.com/blog/2012/02/why-you-should-be-cautious-with-the-dbo_owner-role/ ) which would also indicate to me that it would be a bit insane that EF framework Code First really would need those rights... 在网上搜索也似乎表明这些权利可能存在问题( http://akawn.com/blog/2012/02/why-you-should-be-cautious-with-the-dbo_owner-role/ )还会告诉我,EF框架Code First确实需要这些权利会有点疯狂......

So do I need db_ddladmin for EF Code First? 所以我需要db_ddladmin用于EF Code First吗? And is it problematic that a deployed web project needs database access rights of db_ddladmin? 部署的Web项目是否需要db_ddladmin的数据库访问权限?

Thanks in advance! 提前致谢!

1 个解决方案

解决方案1
 5 已采纳  2014-12-03 11:43:14

This is indeed a possible pain point. 这确实是一个可能的痛点。 Entity Framework does assume that you have db_ddladmin rights for migrations . 实体框架确实假定您具有db_ddladmin权限以进行迁移 It does not require this permission at any other stage. 它在任何其他阶段都不需要此权限。

There are a few ways to handle this. 有几种方法可以解决这个问题。 You can either give the permissions, run the migrations, then remove the permission, or you can export a SQL script and run it against your server, like so: Update-Database -Script -SourceMigration:0 (script from beginning to current state). 您可以提供权限,运行迁移,然后删除权限,也可以导出SQL脚本并针对您的服务器运行它,如下所示: Update-Database -Script -SourceMigration:0 (脚本从开始到当前状态) 。 Any future migration deployments would require you to take the same steps, starting from the server's current migration value, or adding/removing the permission. 任何未来的迁移部署都需要您从服务器的当前迁移值开始,或者添加/删除权限,采取相同的步骤。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如果我们使用具有代码优先方法的Entity框架,是否可以在给定路径上创建数据库(Sql Server compact)? - Is possible to create a database (Sql Server compact) on a given path if we use Entity framework with code-first approach? 通过具有多对多关系的实体框架代码优先方法为 SQL Server 播种 - Seeding SQL Server by Entity Framework code-first approach with many-to-many relationship 实体框架代码优先迁移与SQL Server失败 - Entity Framework Code-First Migration Fails with SQL Server 遵循Entity Framework代码优先方法,为什么不创建连接字符串? (未创建数据库) - Following Entity Framework code-first approach, why is connection string not created? (No DB created) 使用实体框架代码优先方法将文件存储在 SQL CE 4 中 - Store file in SQL CE 4 using Entity Framework Code-First approach Struct with Entity Framework 的变通方法,代码优先方法 - Work-around for Struct with Entity Framework, Code-First approach 使用代码优先迁移的Entity Framework从SQL Server到Oracle - From SQL Server to Oracle using Entity Framework with code-first Migrations SQL Server表设计建议(Entity Framework代码优先,C#) - SQL Server table design advice (Entity Framework code-first, C#) 实体框架代码优先定位LocalDb而不是本地SQL Server Express主机 - Entity Framework code-first targeting LocalDb instead of local SQL Server Express host 实体框架代码优先连接服务器错误 - Entity framework code-first connect server error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM