Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SQL Server 2017 CLR

Eduardo Piairo
September 30, 2017

SQL Server 2017 CLR

Talk presented @ SQLPort (30-09-2017)

Eduardo Piairo

September 30, 2017
Tweet

More Decks by Eduardo Piairo

Other Decks in Technology

Transcript

  1. ABOUT ME SQL Server 2017 CLR @EdPiairo, #SQLPort @EdPiairo https://pt.linkedin.com/in/jesuspiairo

    [email protected] http://www.eduardopiairo.com/ Eduardo Piairo Friend of Redgate Operations Engineer DevOps Porto Founder
  2. INDEX 1. What’s CLR 2. Enable CLR 3. Security (Host

    Policy) 4. 2017 Breaking change 5. CLR strict security SQL Server 2017 CLR @EdPiairo, #SQLPort
  3. WHAT IS CLR? SQL Server 2017 CLR @EdPiairo, #SQLPort •

    .Net runtime engine (CLR) was for first integrated in SQL Server 2005 • This integration allows the execution of code within the context of a query • This integration is commonly referred as SQLCLR (Microsoft call it CLR integration) • CLR integration allows to incorporate code written in .Net language into SQL Server engine • Can be called from a stored procedure or function • Stored procedures, triggers, user-defined functions, user-defined types, and user-defined aggregates can be created in managed code • Does not interact directly with SQL Server (needs to connect to database)
  4. WHAT IS CLR? SQL Server 2017 CLR @EdPiairo, #SQLPort •

    Framework that bridges the environment of the SQL Server database engine with the rich programming environment of .NET • Extending capabilities of queries beyond T-SQL built-in functions • Performing certain operations faster or easier than using T-SQL • Better interaction with external resources (better then xp_cmdshell)
  5. ENABLE CLR SQL Server 2017 CLR @EdPiairo, #SQLPort • EXEC

    sp_configure ‘clr enabled’, 1; RECONFIGURE; • EXEC sp_configure ‘clr enabled’, 0; RECONFIGURE; • 0 - Assembly execution not allowed on SQL Server • 1 - Assembly execution allowed on SQL Server
  6. SECURITY SQL Server 2017 CLR @EdPiairo, #SQLPort • CLR supports

    Code Access Security (CAS) as security model • The permissions granted to assemblies are defined in 3 different places: • Machine policy • User policy • Host policy
  7. HOST POLICY SQL Server 2017 CLR @EdPiairo, #SQLPort • CAS

    permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • SAFE • Only internal computation and local data access are allowed • Most restrictive permission set • Assembly cannot access external system resources such as files, the network, environment variables, or the registry
  8. HOST POLICY SQL Server 2017 CLR @EdPiairo, #SQLPort • CAS

    permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • EXTERNAL_ACCESS • Have the same permissions as SAFE • Ability to access external system resources such as files, networks, environmental variables, and the registry
  9. HOST POLICY SQL Server 2017 CLR @EdPiairo, #SQLPort • CAS

    permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • UNSAFE • Unrestricted access to resources, both within and outside SQL Server • Code executing from within an UNSAFE assembly can also call unmanaged code
  10. 2017 BREAKING CHANGE SQL Server 2017 CLR @EdPiairo, #SQLPort •

    CAS is no longer supported as security boundary • SQL Server new option: clr strict security
  11. CLR STRICT SECURITY SQL Server 2017 CLR @EdPiairo, #SQLPort •

    EXEC sp_configure ‘clr strict security’, 1; RECONFIGURE; • EXEC sp_configure ‘clr strict security’, 0; RECONFIGURE; • 0 – Disabled • Provided for backwards compatibility • Not recommended • 1 – Enabled (default) • Causes the Database Engine to ignore the PERMISSION_SET information on the assemblies, and always interpret them as UNSAFE
  12. CLR STRICT SECURITY SQL Server 2017 CLR @EdPiairo, #SQLPort •

    All assemblies (SAFE, EXTERNAL_ACCESS, UNSAFE) are authorized for UNSAFE access • Set database as TRUSTWORTHY; • Assembly is signed with a certificate that has a corresponding login with UNSAFE ASSEMBLY permission • Assembly is signed with an asymmetric key that has a corresponding login with UNSAFE ASSEMBLY permission • Trusted assembly list (sys.sp_add_trusted_assembly; sys.sp_drop_trusted_assembly)