CLR strict security
Applies to:
SQL Server
Controls the interpretation of the SAFE
, EXTERNAL ACCESS
, UNSAFE
permission in SQL Server.
Value | Description |
---|---|
0 | Disabled - Provided for backwards compatibility. Disabled value is not recommended. |
1 | Enabled - Causes the Database Engine to ignore the PERMISSION_SET information on the assemblies, and always interpret them as UNSAFE . Enabled is the default value, starting with SQL Server 2017 (14.x). |
Warning
CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. A CLR assembly created with PERMISSION_SET = SAFE
may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. Beginning with SQL Server 2017 (14.x), an sp_configure
option called clr strict security
is introduced to enhance the security of CLR assemblies. clr strict security
is enabled by default, and treats SAFE
and EXTERNAL_ACCESS
assemblies as if they were marked UNSAFE
. The clr strict security
option can be disabled for backward compatibility, but this is not recommended. Microsoft recommends that all assemblies be signed by a certificate or asymmetric key with a corresponding login that has been granted UNSAFE ASSEMBLY
permission in the master database. SQL Server administrators can also add assemblies to a list of assemblies, which the Database Engine should trust. For more information, see sys.sp_add_trusted_assembly.
Remarks
When enabled, the PERMISSION_SET
option in the CREATE ASSEMBLY
and ALTER ASSEMBLY
statements is ignored at run-time, but the PERMISSION_SET
options are preserved in metadata. Ignoring the option, minimizes breaking existing code statements.
CLR strict security
is an advanced option
.
Important
After enabling strict security, any assemblies that are not signed will fail to load. You must either alter or drop and recreate each assembly so that it is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY
permission on the server.
Permissions
To change this option
Requires CONTROL SERVER
permission, or membership in the sysadmin
fixed server role.
To create an CLR assembly
The following permissions required to create a CLR assembly when CLR strict security
is enabled:
- The user must have the
CREATE ASSEMBLY
permission - And one of the following conditions must also be true:
- The assembly is signed with a certificate or asymmetric key that has a corresponding login with the
UNSAFE ASSEMBLY
permission on the server. Signing the assembly is recommended. - The database has the
TRUSTWORTHY
property set toON
, and the database is owned by a login that has theUNSAFE ASSEMBLY
permission on the server. This option is not recommended.
- The assembly is signed with a certificate or asymmetric key that has a corresponding login with the
See Also
Server Configuration Options (SQL Server)
sp_configure (Transact-SQL)
clr enabled Server Configuration Option
Feedback
Submit and view feedback for