|
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
但我们知道,若使用statement,并没有上述需要的数据。试想binlog中记录了一句updatetsetf1=3whereid=3。怎么恢复呢?server|sqlserver|存储历程|会见|办理|数据|数据库|成绩比来用ASP.net2.0+SQLServer做一个网页表单的提交,利用C#编写存储历程来完成向SQLServer数据库表中拔出纪录的操纵。在挪用这个存储历程时,呈现了关于存储权限的一个非常。上面胪陈非常发生的历程息争决计划。
1.操纵步骤:
1)利用ASP.net2.0,用C#写了一个存储历程,对数据库test中的一个表举行操纵,代码以下:
publicclassStoredProcedures
{
[Microsoft.SqlServer.Server.SqlProcedure]
publicstaticvoidSubmit(stringstrAnswer)
{
using(SqlConnectionconnection=newSqlConnection("DataSource=WS;InitialCatalog=test;IntegratedSecurity=False;Trusted_Connection=yes;"))
{
connection.Open();//***实行到这一步呈现非常,详见下文所述***
StringcmdTxt="INSERTINTOdbo.Response_SCL90VALUES("+strAnswer+")";
SqlCommandcommand=newSqlCommand(cmdTxt,connection);
SqlDataReaderreader=command.ExecuteReader();
}
}
}
2)编译天生了Submit_Answer.dll,接着,在SQLServer中注册这个dll,并创立存储历程,SQL剧本以下:
CREATEASSEMBLYSubmit_Answer
FROMD:studyC#测评体系WebSite1StoredProcedureSubmit_Answer�inDebugSubmit_Answer.dll;
GO
CREATEPROCEDUREdbo.Submit_Answer
(
@strAnswernvarchar(256)
)
WITHEXECUTEASOWNER
AS
EXTERNALNAMESubmit_Answer.StoredProcedures.Submit
GO
3)最初,在.net中挪用这个存储历程,代码以下:
SqlConnectionconnection=newSqlConnection("DataSource=WS;InitialCatalog=test;IntegratedSecurity=False;Trusted_Connection=yes;");
StringcmdTxt="dbo.Submit_Answer";
SqlCommandcommand=newSqlCommand(cmdTxt,connection);
command.CommandType=CommandType.StoredProcedure;
command.Parameters.Add("@strAnswer",SqlDbType.NVarChar);
command.Parameters["@strAnswer"].Value=strAnswer;
command.Connection.Open();
SqlDataReaderdr=command.ExecuteReader();
command.Connection.Close();
2.非常形貌:
在实行到存储历程connection.Open();一句时,呈现非常,非常形貌和事先的仓库信息以下:
非常具体信息:System.Data.SqlClient.SqlException:A.NETFrameworkerroroccurredduringexecutionofuserdefinedroutineoraggregateSubmit_Answer:
System.Security.SecurityException:RequestforthepermissionoftypeSystem.Data.SqlClient.SqlClientPermission,System.Data,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b77a5c561934e089failed.
System.Security.SecurityException:
atSystem.Security.CodeAccessSecurityEngine.Check(Objectdemand,StackCrawlMark&stackMark,BooleanisPermSet)
atSystem.Security.PermissionSet.Demand()
atSystem.Data.Common.DbConnectionOptions.DemandPermission()
atSystem.Data.SqlClient.SqlConnection.PermissionDemand()
atSystem.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnectionouterConnection)
atSystem.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnectionouterConnection,DbConnectionFactoryconnectionFactory)
atSystem.Data.SqlClient.SqlConnection.Open()
atStoredProcedures.Submit(SqlCharsstrAnswer)
3.扼要剖析:
看来是在存储过程当中没有对数据库的会见权限,由于在数据库毗连Open时就堕落了,查找了一些材料,也没发明成绩在哪。厥后便在社区中发问了。
4.办理计划:
在“MS-SQLServer疑问成绩”版面,zlp321002(龙卷风2006)对这个成绩举行解答,概况请见:
http://community.csdn.net/Expert/TopicView3.asp?id=4790457
现收拾和总结以下:
(十分感激zlp321002(龙卷风2006),上面形貌的办理计划源自zlp321002(龙卷风2006))
1)翻开数据库的内部会见选项(external_access_option)
AlterDatabase数据库名
SETTRUSTWORTHYON
reference:关于数据库内部会见选项(external_access_option)的形貌(摘录自SQLServerBooksOnline)
TRUSTWORTHY{ON|OFF}
ON
Databasemodules(forexample,user-definedfunctionsorstoredprocedures)thatuseanimpersonationcontextcanaccessresourcesoutsidethedatabase.
OFF
Databasemodulesinanimpersonationcontextcannotaccessresourcesoutsidethedatabase.
TRUSTWORTHYissettoOFFwheneverthedatabaseisattached.
Bydefault,themasterdatabasehasTRUSTWORTHYsettoON.ThemodelandtempdbdatabasesalwayshaveTRUSTWORTHYsettoOFF,andthevaluecannotbechangedforthesedatabases.
Tosetthisoption,requiresmembershipinthesysadminfixedserverrole.
Thestatusofthisoptioncanbedeterminedbyexaminingtheis_trustworthy_oncolumninthesys.databasescatalogview.
2)设置存储历程dll的PERMISSION_SET为EXTERNAL_ACCESS
将操纵步骤第2)步华夏来的
CREATEASSEMBLYSubmit_Answer
FROMD:studyC#测评体系WebSite1StoredProcedureSubmit_Answer�inDebugSubmit_Answer.dll
GO
改成:
CREATEASSEMBLYSubmit_Answer
FROMD:studyC#测评体系WebSite1StoredProcedureSubmit_Answer�inDebugSubmit_Answer.dll
WITHPERMISSION_SET=EXTERNAL_ACCESS
GO
reference:关于CREATEASSEMBLY中PERMISSION_SET设置(摘录自SQLServerBooksOnline)
PERMISSION_SET{SAFE|EXTERNAL_ACCESS|UNSAFE}
SpecifiesasetofcodeaccesspermissionsthataregrantedtotheassemblywhenitisaccessedbySQLServer.Ifnotspecified,SAFEisappliedasthedefault.
WerecommendusingSAFE.SAFEisthemostrestrictivepermissionset.CodeexecutedbyanassemblywithSAFEpermissionscannotaccessexternalsystemresourcessuchasfiles,thenetwork,environmentvariables,ortheregistry.
EXTERNAL_ACCESSenablesassembliestoaccesscertainexternalsystemresourcessuchasfiles,networks,environmentalvariables,andtheregistry.
UNSAFEenablesassembliesunrestrictedaccesstoresources,bothwithinandoutsideaninstanceofSQLServer.CoderunningfromwithinanUNSAFEassemblycancallunmanagedcode.
SecurityNote:
SAFEistherecommendedpermissionsettingforassembliesthatperformcomputationanddatamanagementtaskswithoutaccessingresourcesoutsideaninstanceofSQLServer.WerecommendusingEXTERNAL_ACCESSforassembliesthataccessresourcesoutsideofaninstanceofSQLServer.EXTERNAL_ACCESSassembliesincludethereliabilityandscalabilityprotectionsofSAFEassemblies,butfromasecurityperspectivearesimilartoUNSAFEassemblies.ThisisbecausecodeinEXTERNAL_ACCESSassembliesrunsbydefaultundertheSQLServerserviceaccountandaccessesexternalresourcesunderthataccount,unlessthecodeexplicitlyimpersonatesthecaller.Therefore,permissiontocreateEXTERNAL_ACCESSassembliesshouldbegrantedonlytologinsthataretrustedtoruncodeundertheSQLServerserviceaccount.Formoreinformationaboutimpersonation,seeCLRIntegrationSecurity.SpecifyingUNSAFEenablesthecodeintheassemblycompletefreedomtoperformoperationsintheSQLServerprocessspacethatcanpotentiallycompromisetherobustnessofSQLServer.UNSAFEassembliescanalsopotentiallysubvertthesecuritysystemofeitherSQLServerorthecommonlanguageruntime.UNSAFEpermissionsshouldbegrantedonlytohighlytrustedassemblies.OnlymembersofthesysadminfixedserverrolecancreateandalterUNSAFEassemblies.
做完上述修正后,再次运转网页,提交表单,不再呈现非常了。
5.小结:
看来这个存储历程会见权限的办理是从上面两个方面举行:起首翻开数据库的内部会见选项,同意数据库的模块会见内部资本;接着设置谁人存储历程dll的PERMISSION_SET,即设置这个dll的会见权限为同意会见内部资本。如许,存储历程就能够会见数据库了。
支持多种存储引擎。 |
|
发表于 2015-1-16 22:23:14
收藏
转播
分享
淘帖
顶
踩
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜