The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

.NET Buzz Forum
DAT318: SQL Server 2005 CLR Integration

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Tim Sneath

Posts: 395
Nickname: timsneath
Registered: Aug, 2003

Tim Sneath is a .NET developer for Microsoft in the UK.
DAT318: SQL Server 2005 CLR Integration Posted: May 26, 2004 7:16 PM
Reply to this message Reply

This post originated from an RSS feed registered with .NET Buzz by Tim Sneath.
Original Post: DAT318: SQL Server 2005 CLR Integration
Feed Title: Tim Sneath's Blog
Feed URL: /msdnerror.htm?aspxerrorpath=/tims/Rss.aspx
Feed Description: Random mumblings on Microsoft, .NET, and other topics. 		Latest .NET Buzz Posts
Latest .NET Buzz Posts by Tim Sneath
Latest Posts From Tim Sneath's Blog

Advertisement

I've already blogged about this topic in some depth (1 2 3 4), so I've highlighted a few notes of interest from Ramachandran and Makesh's session:

Restricting the CLR
Not all of the Base Class Libraries in the .NET Framework are available in the database. Functionality "not applicable" to the database is disallowed. Most of System.* is available, but many non-applicable services are not supported, such as System.Windows.Forms, System.Drawing, System.Web. This is achieved through a "fusion loader hook" in CLR hosting. How does that work? When you look up an assembly today, the CLR finds it using Fusion. SQL Server 2005 intercepts that search for the hosted environment and loads it from the database itself instead.

Even in supported assemblies, some APIs are not available in SQL. This is achieved through a new HostProtection attribute in the CLR (this is extensible by third-party libraries). You can reflect on an assembly and list these methods, and a full list will be available in the SQL Server 2005 documentation. Potentially unreliable constructs are disabled, such as thread creation, socket listening, and finalizers.

Tips for using the In-Proc Provider

  • Use SqlPipe.Execute() instead of cmd.ExecuteReader(). This allows you to simply stream back data without marshalling the results into the managed environment.
  • Use SqlDataReader instead of T-SQL cursors: it's the fastest way to enumerate rows.
  • Use SqlExecutionContext for static SQL patterns to improve performance.

Security Tips for DBAs

  • Use sp_configure 'clr enabled' to enable the CLR hosting in the engine - it's off by default
  • Use the CREATE ASSEMBLY permission to control the creation of assemblies
  • Use the REFERENCES permission to protect schema binding on assemblies
  • Use the EXECUTE permission to regulate who can execute routines
  • Catalog view security works as expected
  • Use the EXTERNAL ACCESS permission to regulate who can create external access code
  • Recommendations: use safe assemblies - this is the default and is closest to the T-SQL model. If you are going off the box, you need to question the impersonation strategy. By default, SQL does not impersonate. But you can use EXECUTE AS to specify a specific SQL context for impersonation.
  • Avoid unsafe assemblies - they can compromise system reliability and correctness.

Read: DAT318: SQL Server 2005 CLR Integration

Topic: Orkut Error Message Previous Topic   Next Topic Topic: Another great SO perspective
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use