SlideShare a Scribd company logo

SQL Server 2017 CLR

E
Eduardo Piairo

This document discusses SQL Server 2017 Common Language Runtime (CLR) integration. It begins by explaining what CLR is and how it allows .NET code to be executed in the SQL Server context. It then covers enabling CLR, security models using Code Access Security and host policies, and a breaking change in SQL Server 2017 regarding CLR strict security. The document concludes with references and an offer for questions.

Software
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
SQL SERVER 2017 Eduardo Piairo @EdPiairo #PortoDataCLR
ABOUT ME SQL Server 2017 CLR @EdPiairo, #PortoData @EdPiairo https://pt.linkedin.com/in/jesuspiairo eduardopiairo@gmail.com http://www.eduardopiairo.com/ Eduardo Piairo Friend of Redgate Operations Engineer DevOps Porto Founder
INDEX 1. What’s CLR 2. Enable CLR 3. Security (Host Policy) 4. 2017 Breaking change 5. CLR strict security SQL Server 2017 CLR @EdPiairo, #PortoData
WHAT IS CLR? SQL Server 2017 CLR • .Net runtime engine (CLR) was for first integrated in SQL Server 2005 • This integration allows the execution of code within the context of a query • This integration is commonly referred as SQLCLR (Microsoft call it CLR integration) • CLR integration allows to incorporate code written in .Net language into SQL Server engine • Can be called from a stored procedure or function • Stored procedures, triggers, user-defined functions, user-defined types, and user-defined aggregates can be created in managed code • Does not interact directly with SQL Server (needs to connect to database) @EdPiairo, #PortoData
WHAT IS CLR? SQL Server 2017 CLR • Framework that bridges the environment of the SQL Server database engine with the rich programming environment of .NET • Extending capabilities of queries beyond T-SQL built-in functions • Performing certain operations faster or easier than using T-SQL • Better interaction with external resources (better then xp_cmdshell) @EdPiairo, #PortoData
ENABLE CLR SQL Server 2017 CLR • EXEC sp_configure ‘clr enabled’, 1; RECONFIGURE; • EXEC sp_configure ‘clr enabled’, 0; RECONFIGURE; • 0 - Assembly execution not allowed on SQL Server • 1 - Assembly execution allowed on SQL Server @EdPiairo, #PortoData
SECURITY SQL Server 2017 CLR • CLR supports Code Access Security (CAS) as security model • The permissions granted to assemblies are defined in 3 different places: • Machine policy • User policy • Host policy @EdPiairo, #PortoData
HOST POLICY SQL Server 2017 CLR • CAS permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • SAFE • Only internal computation and local data access are allowed • Most restrictive permission set • Assembly cannot access external system resources such as files, the network, environment variables, or the registry @EdPiairo, #PortoData
HOST POLICY SQL Server 2017 CLR • CAS permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • EXTERNAL_ACCESS • Have the same permissions as SAFE • Ability to access external system resources such as files, networks, environmental variables, and the registry @EdPiairo, #PortoData
HOST POLICY SQL Server 2017 CLR • CAS permissions granted to assemblies are determined by the permission set specified when creating the assembly (PERMISSION_SET) • UNSAFE • Unrestricted access to resources, both within and outside SQL Server • Code executing from within an UNSAFE assembly can also call unmanaged code @EdPiairo, #PortoData
2017 BREAKING CHANGE SQL Server 2017 CLR • CAS is no longer supported as security boundary • SQL Server new option: clr strict security @EdPiairo, #PortoData
CLR STRICT SECURITY SQL Server 2017 CLR • EXEC sp_configure ‘clr strict security’, 1; RECONFIGURE; • EXEC sp_configure ‘clr strict security’, 0; RECONFIGURE; • 0 – Disabled • Provided for backwards compatibility • Not recommended • 1 – Enabled (default) • Causes the Database Engine to ignore the PERMISSION_SET information on the assemblies, and always interpret them as UNSAFE @EdPiairo, #PortoData
CLR STRICT SECURITY SQL Server 2017 CLR • All assemblies (SAFE, EXTERNAL_ACCESS, UNSAFE) are authorized for UNSAFE access • Set database as TRUSTWORTHY; • Assembly is signed with a certificate that has a corresponding login with UNSAFE ASSEMBLY permission • Assembly is signed with an asymmetric key that has a corresponding login with UNSAFE ASSEMBLY permission • Trusted assembly list (sys.sp_add_trusted_assembly; sys.sp_drop_trusted_assembly) @EdPiairo, #PortoData
DEMO SQL Server 2017 CLR @EdPiairo, #PortoData
REFERENCES https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/introduction-to-sql-server-clr-integration http://www.sqlservercentral.com/articles/Stairway+Series/104406/ https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/clr-strict-security https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/clr-enabled-server-configuration-option https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/security/clr-integration-code-access-security https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sys-sp-add-trusted-assembly- transact-sql https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sys-sp-drop-trusted-assembly- transact-sql https://docs.microsoft.com/en-us/sql/database-engine/breaking-changes-to-database-engine-features-in-sql-server- 2017 http://www.nielsberglund.com/2017/07/23/sql-server-2017-sqlclr-white-listing-assemblies/ SQL Server 2017 CLR @EdPiairo, #PortoData
Q&A SQL Server 2017 CLR @EdPiairo https://pt.linkedin.com/in/jesuspiairo eduardopiairo@gmail.com http://www.eduardopiairo.com/ @EdPiairo, #PortoData

More Related Content

PDF
SQL Server 2017 CLR
Eduardo Piairo
 
PPTX
SANS @Night Talk: SQL Injection Exploited
Micah Hoffman
 
PDF
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Akeyless
 
PDF
Streamline CI/CD with Just-in-Time Access
Akeyless
 
PPTX
Nikto
penetration Tester
 
PPTX
Various Types of OpenSSL Commands and Keytool
CheapSSLsecurity
 
PPTX
The Rise of Secrets Management
Akeyless
 
PPTX
BAUG Meetup #1 2022: Публикация ресурсов в Интернет в Microsoft Azure. Обзор ...
Dzmitry Durasau
 
SQL Server 2017 CLR
Eduardo Piairo
 
SANS @Night Talk: SQL Injection Exploited
Micah Hoffman
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Akeyless
 
Streamline CI/CD with Just-in-Time Access
Akeyless
 
Nikto
penetration Tester
 
Various Types of OpenSSL Commands and Keytool
CheapSSLsecurity
 
The Rise of Secrets Management
Akeyless
 
BAUG Meetup #1 2022: Публикация ресурсов в Интернет в Microsoft Azure. Обзор ...
Dzmitry Durasau
 

What's hot (20)

PPTX
Secret Management Architectures
Stenio Ferreira
 
PDF
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
PPTX
Prowler: BlackHat Europe Arsenal 2018
Toni de la Fuente
 
PDF
Hardening Apache Web Server by Aswin
Agate Studio
 
PDF
Whats new in oracle orachk & exachk 18.2.0
Gareth Chapman
 
ODP
SFS (Secure File System)
Ahmed EL-KOSAIRY
 
PPTX
Types of ssl commands and keytool
CheapSSLsecurity
 
PDF
Introduction to vault
Henrik Høegh
 
PPTX
Secure Keystone Deployment
Priti Desai
 
PPTX
ACME and Let's Encrypt: HTTPS made easy
Gabriell Nascimento
 
PPTX
NoSQL Exploitation Framework
Francis Alexander
 
PPTX
Security for devs
Abdelrhman Shawky
 
PDF
Web Server Hardening
n|u - The Open Security Community
 
PDF
Credential store using HashiCorp Vault
Mayank Patel
 
PPTX
The Key to Strong Cloud Security
Akeyless
 
ODP
Apache CXF Security Solutions
Daniel Kulp
 
PDF
Let's Encrypt!
Drew Fustini
 
DOC
Oracle Audit vault
uzzal basak
 
PPTX
How to Never Leave Your Deployment Unattended
Altoros
 
PDF
Security with VA Smalltalk
ESUG
 
Secret Management Architectures
Stenio Ferreira
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
Prowler: BlackHat Europe Arsenal 2018
Toni de la Fuente
 
Hardening Apache Web Server by Aswin
Agate Studio
 
Whats new in oracle orachk & exachk 18.2.0
Gareth Chapman
 
SFS (Secure File System)
Ahmed EL-KOSAIRY
 
Types of ssl commands and keytool
CheapSSLsecurity
 
Introduction to vault
Henrik Høegh
 
Secure Keystone Deployment
Priti Desai
 
ACME and Let's Encrypt: HTTPS made easy
Gabriell Nascimento
 
NoSQL Exploitation Framework
Francis Alexander
 
Security for devs
Abdelrhman Shawky
 
Web Server Hardening
n|u - The Open Security Community
 
Credential store using HashiCorp Vault
Mayank Patel
 
The Key to Strong Cloud Security
Akeyless
 
Apache CXF Security Solutions
Daniel Kulp
 
Let's Encrypt!
Drew Fustini
 
Oracle Audit vault
uzzal basak
 
How to Never Leave Your Deployment Unattended
Altoros
 
Security with VA Smalltalk
ESUG
 
Ad

Similar to SQL Server 2017 CLR (20)

PPTX
OUGLS 2016: Guided Tour On The MySQL Source Code
Georgi Kodinov
 
PPTX
Secure360 - Extracting Password from Windows
Scott Sutherland
 
PDF
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
pasalapudi
 
PPTX
Extracting Credentials From Windows
NetSPI
 
PDF
Building scalbale cloud native apps with .NET 8
GillesMathieu10
 
PPTX
Finding The Weak Link in Windows Binaries
Ollie Whitehouse
 
PDF
BYOP: Custom Processor Development with Apache NiFi
DataWorks Summit
 
PPTX
Oracle Goldengate Architecture & Setup.pptx
AmirShahirRoslan
 
PPTX
Enterprise-class security with PostgreSQL - 1
Ashnikbiz
 
PDF
ASP.NET MVC Workshop for Women in Technology
Małgorzata Borzęcka
 
PDF
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot
 
PPTX
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
OracleMySQL
 
PPTX
Oracle plsql code refactoring - from anonymous block to stored procedure
Carlos Oliveira
 
PPT
kjdiakdnfdifjadsjkjklljlldasgjdjdljgfldjgldjgldjgl.ppt
Brahamam Veera
 
PPT
ow.ppt
ssuser96a63c
 
PPT
ow.ppt
NalamalpuBhakthavats
 
PPT
Ow
AlbertoItzincab1
 
PPT
ukoug2008-oracle-activedirectory-wi-131847.ppt
MartinCarrozzo
 
PPTX
Open Source License Compliance with AGL
Paul Barker
 
PPTX
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
 
OUGLS 2016: Guided Tour On The MySQL Source Code
Georgi Kodinov
 
Secure360 - Extracting Password from Windows
Scott Sutherland
 
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
pasalapudi
 
Extracting Credentials From Windows
NetSPI
 
Building scalbale cloud native apps with .NET 8
GillesMathieu10
 
Finding The Weak Link in Windows Binaries
Ollie Whitehouse
 
BYOP: Custom Processor Development with Apache NiFi
DataWorks Summit
 
Oracle Goldengate Architecture & Setup.pptx
AmirShahirRoslan
 
Enterprise-class security with PostgreSQL - 1
Ashnikbiz
 
ASP.NET MVC Workshop for Women in Technology
Małgorzata Borzęcka
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot
 
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
OracleMySQL
 
Oracle plsql code refactoring - from anonymous block to stored procedure
Carlos Oliveira
 
kjdiakdnfdifjadsjkjklljlldasgjdjdljgfldjgldjgldjgl.ppt
Brahamam Veera
 
ow.ppt
ssuser96a63c
 
ow.ppt
NalamalpuBhakthavats
 
Ow
AlbertoItzincab1
 
ukoug2008-oracle-activedirectory-wi-131847.ppt
MartinCarrozzo
 
Open Source License Compliance with AGL
Paul Barker
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
 
Ad

More from Eduardo Piairo (20)

PDF
ADDO 2021: Why and how to include database changes in the deployment pipeline
Eduardo Piairo
 
PDF
Adding unit tests to the database deployment pipeline
Eduardo Piairo
 
PDF
Start by changing the way of work
Eduardo Piairo
 
PDF
Adding unit tests to the database deployment pipeline
Eduardo Piairo
 
PDF
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
PDF
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
PDF
Operations for databases – The DevOps journey
Eduardo Piairo
 
PDF
Deployment pipeline for databases
Eduardo Piairo
 
PDF
Deployment pipeline for databases
Eduardo Piairo
 
PDF
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
PDF
Operations for databases: the agile/devops journey
Eduardo Piairo
 
PDF
Setting a WordPress website using Azure Web Apps And Azure Database for MySQL
Eduardo Piairo
 
PDF
Deployment pipeline for Azure SQL Databases
Eduardo Piairo
 
PDF
Operations for databases – the agile/devops journey
Eduardo Piairo
 
PDF
Delivering changes for applications and databases @ Azure
Eduardo Piairo
 
PDF
Delivering changes for databases and applications
Eduardo Piairo
 
PDF
Workshop: Delivering chnages for applications and databases
Eduardo Piairo
 
PDF
Database Source Control: Migrations vs State
Eduardo Piairo
 
PDF
Road to database automation: database source control
Eduardo Piairo
 
PDF
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Eduardo Piairo
 
ADDO 2021: Why and how to include database changes in the deployment pipeline
Eduardo Piairo
 
Adding unit tests to the database deployment pipeline
Eduardo Piairo
 
Start by changing the way of work
Eduardo Piairo
 
Adding unit tests to the database deployment pipeline
Eduardo Piairo
 
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
Operations for databases – The DevOps journey
Eduardo Piairo
 
Deployment pipeline for databases
Eduardo Piairo
 
Deployment pipeline for databases
Eduardo Piairo
 
Adding unit tests with tSQLt to the database deployment pipeline
Eduardo Piairo
 
Operations for databases: the agile/devops journey
Eduardo Piairo
 
Setting a WordPress website using Azure Web Apps And Azure Database for MySQL
Eduardo Piairo
 
Deployment pipeline for Azure SQL Databases
Eduardo Piairo
 
Operations for databases – the agile/devops journey
Eduardo Piairo
 
Delivering changes for applications and databases @ Azure
Eduardo Piairo
 
Delivering changes for databases and applications
Eduardo Piairo
 
Workshop: Delivering chnages for applications and databases
Eduardo Piairo
 
Database Source Control: Migrations vs State
Eduardo Piairo
 
Road to database automation: database source control
Eduardo Piairo
 
Deployment Pipeline for databases (Azure SQL Database, SQL Server)
Eduardo Piairo
 

Recently uploaded (20)

PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
PDF
iTop VPN Free 5.6.0.5262 Crack latest version 2025
itskinga12
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
PPTX
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
iTop VPN Free 5.6.0.5262 Crack latest version 2025
itskinga12
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
assetexplorer- product-overview - presentation
nonameist3434
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 

SQL Server 2017 CLR