PERMISSION_SET = UNSAFE why?

Re: PERMISSION_SET = UNSAFE why?

"Greg Larsen" <gregalarsen@re moveit.msn.comw rote in message
news:2F4A7199-33BD-40C4-9C79-B3406D0C9C1E@mi crosoft.com...The permissions granted by EXTERNAL_ACCESS are as follows:

EnvironmentPerm ission Unrestricted --
FileIOPermissio n Unrestricted --
RegistryPermiss ion Restricted Read only access to HKEY_CLASSES_RO OT,
HKEY_LOCAL_MACH INE, HKEY_CURRENT_US ER, HKEY_CURRENT_CO NFIG, and HKEY_USERS
SecurityPermiss ion Restricted Assertion, Execution, SerializationFo rmatter,
ControlPrincipa l
KeyContainerPer mission Unrestricted --
SqlClientPermis sion Unrestricted --
EventLogPermiss ion Restricted Only on local machine, by Administrators only
DnsPermission Unrestricted --
SocketPermissio n Restricted IP address only
WebPermission Restricted Access local host only via HTTP
SmtpPermission Restricted Connect access only
NetworkInformat ionPermission Restricted Ping access only
DistributedTran sactionPermissi on Unrestricted --
StorePermission Unrestricted --


As you can see, you get Unrestricted FileIOPermissio n, so if the operations
that you mean when you mention "get some disk information" can be done via
standard File IO, you should be able to do it with PERMISSION_SET =
EXTERNAL_ACCESS .
However, if you are doing something that is not included in the preceding
table, such as using p/Invoke to call into the Windows API, then you will
need to register it as UNSAFE. If you don't want to do this, I imagine that
you could (I haven't tried it) encapsulate your functionality in a different
assembly that does an Assert for the needed permission and is installed into
the GAC, and then call this assembly from the one that you registered in sql
server.