CLR Integration Security

The security model of the Microsoft SQL Server integration with the Microsoft .NET Framework common language runtime (CLR) manages and secures access between different types of CLR and non-CLR objects running within SQL Server. These objects may be called by a Transact-SQL statement or another CLR object running in the server. The calls between objects are referred to as links. The types of security checks performed on these objects depend on the types of links involved.

The CLR integration security model has the following goals:

  • By default, running managed user code on SQL Server should not compromise the integrity and stability of SQL Server. Performing operations that potentially compromise the robustness of SQL Server should be protected by appropriate high-level permissions.
  • Managed user code should not gain unauthorized access to user data or other user code in the database. User-defined code should run under the security context of the user-session that invoked it, and with the correct privileges for that security context.
  • There should be controls for restricting user code from accessing any resources outside the server, using it strictly for local data access and computation.
  • User-defined code should not be able to gain unauthorized access to system resources by virtue of running in the SQL Server process.

SQL Server now integrates the user-based security model of SQL Server with the code access-based security model of the CLR. Some of the advantages of this combined approach to security are discussed in this section.

The following table lists the topics in this section.

Topic Description

CLR Integration Code Access Security

Discusses the code access security (CAS) model for managed code.

Host Protection Attributes and CLR Integration Programming

Provides information about the host protection attribute (HPA) values that are disallowed in SAFE and EXTERNAL_ACCESS assemblies.

Links in CLR Integration Security

Describes how pieces of user-code can call each other in SQL Server.

Impersonation and CLR Integration Security

Discusses how managed code accesses external resources using impersonation.

Allowing Partially Trusted Callers

Discusses issues that arise when a managed method invokes a method in a class contained in another assembly.

Application Domains and CLR Integration Security

Describes how assemblies are loaded into application domains.

See Also

Concepts

Managing CLR Integration Assemblies

Help and Information

Getting SQL Server 2005 Assistance

Change History

Release History

14 April 2006

Changed content:

5 December 2005

Changed content:
  • Updated and expanded the CLR Integration Security section.