Solomon Rutzky has started a series on CLR in SQL Server 2017 and lays down a gauntlet:
What all of that means is that, assuming clr strict security is “1” (i.e. enabled), and TRUSTWORTHY is “OFF” for the Database in which an Assembly is being created, then in order to create any Assembly you first need to:
- Sign the Assembly with a strong-name key or a certificate
- Create an Asymmetric Key or Certificate in master from whatever you signed the Assembly with
- Create a Login based on that Asymmetric Key or Certificate
- Grant that Login the UNSAFE ASSEMBLY permission
Is that really so bad? Aren’t many of us (hopefully!) already doing that?
Solomon’s not very happy with the way that CLR security works in 2017, but he does have solutions of his own in mind.