Security issues on user defined functions for Sql server 2012

I am creating user defined functions in C#, as explained on the link: https://msdn.microsoft.com/en-us/library/w2kae45k%28v=vs.90%29.aspx

(I use C# CLR project, I have VS 2010, SQL server 2012. The code in VS 2010 is in framework 3.5. The sql server is in framework 4.0)

I didn't succeed deploying, even though I chose the correct server+database, so I copied the dll manually like this:

  1. Created new sql project as the link (I chose Visual C# CLR database object, choose server+database)
  2. Add user defined function:

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Data.SqlTypes;
    using Microsoft.SqlServer.Server;

    public partial class UserDefinedFunctions
    {
        [Microsoft.SqlServer.Server.SqlFunction()]
        public static int testfunc()
        {
            // Put your code here
            return 1234;
        }
    };

  3. Put the dll in the assembly of sql server (in sql ssms: databases->"database name" -> Programmability -> Assembly -> New assembly -> ... choose the dll with permission set "safe").

  4. Add a new function like this: create function testfunc() RETURNS int as EXTERNAL NAME SqlServerProject1.UserDefinedFunctions.testfunc

(SqlServerProject1 is the namespace and dll name, UserDefinedFunctions is the class name, testfunc is the function name in C# and in sql server)

  5. Everything works fine when doing select dbo.funcname(), but now I have problem (see exception below), when changing code in C# (testfunc) to this one:

    // WebClient and WebRequest need: using System.Net;
    [Microsoft.SqlServer.Server.SqlFunction()]
    public static int testfunc()
    {
        WebClient webC = new WebClient();
        WebRequest req = HttpWebRequest.Create("http://axdev:8090");
        return 12345;
    }

  6. The exception occurs when running select dbo.testfunc(), and I get:

    Msg 6522, Level 16, State 2, Line 1
    A .NET Framework error occurred during execution of user-defined routine or aggregate "testfunc":
    System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
    System.Security.SecurityException:
       at System.Security.CodeAccessSecurityEngine.CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 create)
       at System.Security.CodeAccessSecurityEngine.Assert(CodeAccessPermission cap, StackCrawlMark& stackMark)
       at System.Security.CodeAccessPermission.Assert()
       at UserDefinedFunctions.testfunc()

  7. I cannot create an assembly with permission set = "unrestricted" (Same as step 3, but with "unrestricted"), since I get the error:

> TITLE: Microsoft SQL Server Management Studio

Create failed for SqlAssembly 'SqlServerProject1'. (Microsoft.SqlServer.Smo)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=11.0.3000.0+((SQL11_PCU_Main).121019-1325+)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+SqlAssembly&LinkId=20476

ADDITIONAL INFORMATION:

An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)

CREATE ASSEMBLY for assembly 'SqlServerProject1' failed because assembly 'SqlServerProject1' is not authorized for PERMISSION_SET = UNSAFE. The assembly is authorized when either of the following is true: the database owner (DBO) has UNSAFE ASSEMBLY permission and the database has the TRUSTWORTHY database property on; or the assembly is signed with a certificate or an asymmetric key that has a corresponding login with UNSAFE ASSEMBLY permission. (Microsoft SQL Server, Error: 10327)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&ProdVer=11.00.3128&EvtSrc=MSSQLServer&EvtID=10327&LinkId=20476

BUTTONS:

OK

  8. How can I resolve the above problem to run the new testfunc code properly?

========

A new problem - after running alter database 'mydb' set trustworthy on, I get a new error, when adding again the assembly with "permission set" = unrestricted.

TITLE: Microsoft SQL Server Management Studio

Create failed for SqlAssembly 'SqlServerProject1'. (Microsoft.SqlServer.Smo)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=11.0.3000.0+((SQL11_PCU_Main).121019-1325+)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+SqlAssembly&LinkId=20476

ADDITIONAL INFORMATION:

An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)

The database owner SID recorded in the master database differs from the database owner SID recorded in database 'mydb'. You should correct this situation by resetting the owner of database 'mydb' using the ALTER AUTHORIZATION statement. (Microsoft SQL Server, Error: 33009)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&ProdVer=11.00.3128&EvtSrc=MSSQLServer&EvtID=33009&LinkId=20476

Thanks :)

It's a bad practice to change the permission to unrestricted access. Better you create a new login access with unrestricted permission and use it for clr calls. You must be using some threading or socket programming within the clr assembly. It does require unrestricted access.
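
The two authorization routes named in error 10327, together with the owner-SID fix that error 33009 asks for, as an added T-SQL example that is not part of the original question or answer. The key name `SqlClrKey`, the login name `SqlClrLogin`, the DLL path and the owner login are placeholders; it assumes the DLL was strong-name signed at build time and that `EXTERNAL_ACCESS` is enough for the outbound HTTP call in `testfunc`.

```sql
-- Added example. SqlClrKey, SqlClrLogin, the DLL path and the owner login
-- are placeholders, not values from the question.

-- 1. Audit: which databases have TRUSTWORTHY on, and which login owns them?
SELECT name, is_trustworthy_on, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases;
GO

-- 2. Error 33009: make the owner SID in master and in mydb agree again.
ALTER AUTHORIZATION ON DATABASE::mydb TO [<low_privilege_owner_login>];
GO

-- 3. Weak route (what the question tried): every assembly in mydb is
--    trusted as far as the database owner is.
-- ALTER DATABASE mydb SET TRUSTWORTHY ON;

-- 4. Signed route: trust only assemblies signed with this one key.
USE master;
CREATE ASYMMETRIC KEY SqlClrKey
    FROM EXECUTABLE FILE = 'C:\<path>\SqlServerProject1.dll';
CREATE LOGIN SqlClrLogin FROM ASYMMETRIC KEY SqlClrKey;
-- Assumption: network access needs EXTERNAL_ACCESS, not UNSAFE.
GRANT EXTERNAL ACCESS ASSEMBLY TO SqlClrLogin;
ALTER DATABASE mydb SET TRUSTWORTHY OFF;
GO

USE mydb;
-- If the SAFE version from step 3 of the question is still loaded, drop it first:
-- DROP FUNCTION dbo.testfunc;
-- DROP ASSEMBLY SqlServerProject1;
CREATE ASSEMBLY SqlServerProject1
    FROM 'C:\<path>\SqlServerProject1.dll'
    WITH PERMISSION_SET = EXTERNAL_ACCESS;
GO

CREATE FUNCTION dbo.testfunc() RETURNS int
AS EXTERNAL NAME SqlServerProject1.UserDefinedFunctions.testfunc;
GO
```

With `TRUSTWORTHY ON` the trust extends to every assembly in the database, while the key-based login scopes it to assemblies signed with that one key.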
