SQL Server has many features that support creating secure database applications. In this blog post I’ll guide you through the latest security features in SQL Server 2017: Common Language Runtime (CLR), dynamic data masking, row level security and always encrypted.
Common Language Runtime (CLR)
CLR assemblies are created to execute .NET code inside SQL Server. In SQL 2017, all assemblies that have ‘safe’ or ‘external access’ as their permission set are treated as unsafe assemblies. The reason is that safe assemblies in theory don’t access external resources, but it can still happen. This means that starting from SQL 2017 all assemblies need to be signed with either a certificate or an asymmetric key.
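The following T-SQL, added here as an example and not part of the original post, checks the `clr strict security` setting, inventories user assemblies, and registers an assembly whose signing certificate has been trusted at server level. The database, certificate, login and assembly names and the DLL path are placeholders, and the DLL is assumed to be already signed with that certificate.

```sql
-- Added example. SalesDb, ClrSigningCert, ClrSigningLogin, StringUtils and
-- C:\clr\StringUtils.dll are placeholder names, not values from the post.

-- 1. Confirm that strict CLR handling is active.
--    value_in_use = 1 means SAFE and EXTERNAL_ACCESS assemblies are treated as UNSAFE.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'clr strict security';
GO

-- 2. Inventory user-defined assemblies in the database under review.
--    clr_name carries the publickeytoken, which is null when the
--    assembly has no strong name (no asymmetric key signature).
USE SalesDb;
GO
SELECT a.name,
       a.permission_set_desc,
       a.create_date,
       a.clr_name
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1
ORDER BY a.create_date;
GO

-- 3. Trust the signer, not the individual database:
--    import the certificate from the signed DLL into master,
--    map it to a login, and grant that login UNSAFE ASSEMBLY.
USE master;
GO
CREATE CERTIFICATE ClrSigningCert
    FROM EXECUTABLE FILE = N'C:\clr\StringUtils.dll';
CREATE LOGIN ClrSigningLogin FROM CERTIFICATE ClrSigningCert;
GRANT UNSAFE ASSEMBLY TO ClrSigningLogin;
GO

-- 4. Load the signed assembly with the lowest permission set it needs.
--    The signature check in step 3 is what allows this to succeed
--    while clr strict security stays enabled.
USE SalesDb;
GO
CREATE ASSEMBLY StringUtils
    FROM N'C:\clr\StringUtils.dll'
    WITH PERMISSION_SET = SAFE;
GO
```

For a strong-named assembly, the equivalent of step 3 uses `CREATE ASYMMETRIC KEY ... FROM EXECUTABLE FILE` and `CREATE LOGIN ... FROM ASYMMETRIC KEY`.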
“SQL Server contains many extensibility features and mechanisms. Most of these mechanisms are disabled by default. However, we advise customers to review each production instance for extensibility feature use. We recommend that each of these features be restricted to the minimum set of binaries, and that customers restrict access to prevent arbitrary code from running on the same computer as SQL Server. We advise customers to determine whether to trust each binary, and to disable or remove untrusted binaries.