Do you have a comment or suggestion to improve SQL Server? We’d love to hear it!

Allow restricted EXTERNAL_ACCESS for SQLCLR on Linux and in Azure Managed Instances

When using SQLCLR in SQL Server on Linux (and I presume also in Azure SQL Database Managed Instances), only code running as PERMISSION_SET = SAFE is allowed. I would like to be able to do just network operations: WebRequests for HTTP / FTP, and SqlConnection using a regular / external connection and not the Context Connection, at the very least. If it's all the same, then there are also use cases for doing things like ping and SMTP.

I understand why UNSAFE is not allowed and am ok with that. I was also told that EXTERNAL_ACCESS was not allowed because Linux handles things like the file system differently (and I expect that other differences such as no Registry play a role). And even in cases where file system / registry handling is the same (possibly Azure), then there are security concerns that make such things infeasible.

However, in both the Linux and Azure Managed Instances cases (and even Azure SQL Database, if / when SQLCLR is ever re-enabled there), I would think (or at least hope) that accessing the network stack (TCP/IP, at least) does not have the same technical issues and/or security concerns.

Can EXTERNAL_ACCESS be allowed in these environments with the understanding that it provides access to ONLY the network and not to things like: file system, registry, environment variables, etc?

1 vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Solomon Rutzky shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base