Best Practices: Avoiding Potential Security Issues

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

Some of the X++ APIs may have potential security issues. For example, they might allow unauthorized access to the database or the Application Object Tree (AOT), if used in a nonsecure manner.

If a call to one of these potentially unsafe APIs generates a Best Practices error, this indicates that you should assess the security implications of using the method. You may need to apply Code Access Security by using one of the classes derived from CodeAccessPermission, and/or take other mitigating actions, such as validating user input.

When you are satisfied that the security implications of using the class have been investigated and mitigated, you can turn off the best practice error by adding the following comment above the call to the method.

// BP Deviation documented

The Help topic for each class that triggered the error message describes the mitigations for that potentially unsafe API.

For more information about the APIs protected by Code Access Security, see Secured APIs.
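
The sequence described above (validate the input, assert a permission derived from CodeAccessPermission, then document the deviation), shown as an added example that is not part of the original topic. The method name, the accepted character set, the length limit, and the table and column names in the SQL text are assumptions made for illustration.

```xpp
// Added example: server-side method that calls a potentially unsafe API
// (direct SQL through Statement.executeQuery) after mitigating the risk.
public server static boolean customerExists(str _accountNum)
{
    Connection                      connection;
    Statement                       statement;
    ResultSet                       resultSet;
    SqlStatementExecutePermission   permission;
    str                             allowed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-';
    str                             sql;
    boolean                         found;

    // Mitigation 1: validate user input before it reaches the SQL text.
    // Reject empty, over-long, or out-of-alphabet values (limits are assumed).
    if (_accountNum == ''
        || strLen(_accountNum) > 20
        || strLen(strKeep(_accountNum, allowed)) != strLen(_accountNum))
    {
        throw error("Invalid customer account.");
    }

    // Constructed query: table and column names are illustrative.
    // Direct SQL is not filtered by record level security, so the
    // statement itself must limit what is returned.
    sql = strFmt("SELECT ACCOUNTNUM FROM CUSTTABLE WHERE ACCOUNTNUM = '%1' AND DATAAREAID = '%2'",
                 _accountNum, curExt());

    connection = new Connection();
    statement  = connection.createStatement();

    // Mitigation 2: Code Access Security. Assert the permission for exactly
    // the statement that is about to run.
    permission = new SqlStatementExecutePermission(sql);
    permission.assert();

    // BP Deviation documented
    resultSet = statement.executeQuery(sql);
    found     = resultSet.next();

    resultSet.close();
    statement.close();

    // Drop the asserted permission as soon as the call has completed.
    CodeAccessPermission::revertAssert();

    return found;
}
```

The deviation comment sits directly above the flagged call, and the assertion is reverted before the method returns so that the permission does not stay in effect for later code.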

Microsoft Dynamics AX conducts a best practices check of the XML comments to be sure that you provide documentation in the appropriate tags. For information about how to set the options for best practice checks, see Best practice parameters.

Best Practice Checks

The following table lists the best practices error messages and how to fix the errors.

Message: TwC: Validate data displayed in form is fetched using record level security. Dangerous API %1 used.

Message type: Error

How to fix the error or warning: Assess the security implications of using the method. You may need to apply Code Access Security by using one of the classes derived from CodeAccessPermission Class. For information about record level security, see Record Level Security. For more information about security, see Writing Secure X++ Code.

See also

Best Practices Checks
