<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" MadCap:lastBlockDepth="2" MadCap:lastHeight="120" MadCap:lastWidth="624" MadCap:disableMasterStylesheet="true" MadCap:tocPath="Platform Specific Issues" MadCap:InPreviewMode="false" MadCap:RuntimeFileType="Topic" MadCap:TargetType="WebHelp" MadCap:PathToHelpSystem="../../" MadCap:HelpSystemFileName="index.xml" MadCap:SearchType="Stem">
<head><title>Security Requirements On .NET Platform </title>
<script type="text/javascript">/* <![CDATA[ */
window.onload = function(){
var pathToFlash = $('html').attr('MadCap:PathToHelpSystem') + 'Content/Resources/Code/ZeroClipboard.swf';
ZeroClipboard.setMoviePath(pathToFlash);
function bindToClipBord(element,content){
var clip = new ZeroClipboard.Client();
clip.setText(content);
clip.glue(element);
};
if(location.protocol==='file:'){
$('.copylink-marker').remove();
} else{
$('.copylink-marker').each(function(){
var text = $(this).parent().parent().children('.prettyprint').html();
$(this).hover(function(){
bindToClipBord(this,text);
},
function(){});
});
}
prettyPrint();
};
/* ]]> */</script>
<link href="../SkinSupport/MadCap.css" rel="stylesheet" />
<link href="../Resources/Stylesheets/OnlineStyle.css" rel="stylesheet" />
<script src="../Resources/Code/prettify.js">
</script>
<script src="../Resources/Code/lang-vb.js">
</script>
<script src="../Resources/Code/jquery.min.js">
</script>
<script src="../Resources/Code/ZeroClipboard.js">
</script>
<script src="../SkinSupport/MadCapAll.js" type="text/javascript">
</script>
</head>
<body>
<p class="MCWebHelpFramesetLink" style="display: none;"><a href="../../index_CSH.html#platform_specific_issues/security_requirements_on_.net_platform.htm" style="">Open topic with navigation</a>
</p>
<div class="MCBreadcrumbsBox"><span class="MCBreadcrumbsPrefix">You are here: </span><a class="MCBreadcrumbsLink" href="../platform_specific_issues.htm">Platform Specific Issues</a><span class="MCBreadcrumbsDivider"> > </span><span class="MCBreadcrumbs">Security Requirements On .NET Platform</span>
</div>
<p>
<script type="text/javascript">/*<![CDATA[*/document.write('<a href="' + location.href +'">');
document.write("Direct Link");
document.write('</a>');/*]]>*/</script>
</p>
<p>
</p>
<h1><a name="kanchor112"></a>Security Requirements On .NET Platform</h1>
<p>db4o requires certain security permissions to be granted for successful execution. It is important to know these permission requirements in a not fully trusted environment. .NET security model is out of scope of this article, to find out more about it use Internet search on ".NET security permissions". </p>
<p>Security permissions of an assembly can be calculated with the help of PermCalc tool, which can be found in Visual Studio installation:</p>
<p>[Visual Studio Home]\SDK\v2.0\Bin</p>
<p>The following command line will calculate the minimum security permissions for Db4objects.Db4o.dll and will safe them in xml format Sandbox.Permcalc.xml document:</p>
<p><code>PermCalc.exe -sandbox Db4objects.Db4o.dll</code>
</p>
<p>The output should look like this:</p>
<pre class="prettyprint" xml:space="preserve">Db4o.Xml
<?xml version="1.0"?>
<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089"
Read="*AllFiles*" PathDiscovery="*AllFiles*" />
<IPermission version="1"
class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" Flags="MemberAccess" />
<IPermission version="1" class="System.Security.Permissions.SecurityPermission,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="UnmanagedCode, Execution, ControlEvidence, SerializationFormatter,
ControlAppDomain" />
<IPermission Window="SafeSubWindows" Clipboard="OwnClipboard" version="1"
class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<IPermission version="1"
class="System.Security.Permissions.KeyContainerPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Unrestricted="true" />
</PermissionSet>
</Sandbox></pre>
<p>(UIPermission is not required).</p>
<p>The table below contains short explanation of each permission requirement. For the complete list of method calls requiring special security permissions, please run permcalc tool with -Stacks parameter. (More information on PermCalc can be found on <a href="http://msdn2.microsoft.com/">MSDN</a> site).</p>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td style="width:432px;" valign="top">
<p><b>Permission name</b>
</p>
</td>
<td style="width:432px;" valign="top">
<p><b>Functionality</b>
</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p>FileIOPermission</p>
</td>
<td style="width:432px;" valign="top">
<p>File read, write and create permissions are required for the corresponding operations on the database file. db4o does not restrict the location of a database file, therefore these permissions and browsing permission is required for all files in the system.</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p>ReflectionPermission</p>
</td>
<td style="width:432px;" valign="top">
<p>db4o ability to create runtime objects from the database data is based on reflection. Reflection should be allowed.</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p>SecurityPermission:</p>
</td>
<td style="width:432px;" valign="top">
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p><i>UnmanagedCode</i><i></i>
</p>
</td>
<td style="width:432px;" valign="top">
<p>Unmanaged code is used internally for file access and socket operations.</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p><i>Execution</i><i></i>
</p>
</td>
<td style="width:432px;" valign="top">
<p>Permission for the code to run. Without this permission, managed code will not be executed.</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p><i>ControlEvidence</i><i></i>
</p>
</td>
<td style="width:432px;" valign="top">
<p>Is required internally to make use of some .NET functionality</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p><i>SerializationFormatter</i><i></i>
</p>
</td>
<td style="width:432px;" valign="top">
<p>Used to utilize serialization services (formatters)</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p><i>ControlAppDomain</i><i></i>
</p>
</td>
<td style="width:432px;" valign="top">
<p>Utilized with AppDomain functions.</p>
</td>
</tr>
<tr>
<td style="width:432px;" valign="top">
<p>KeyContainerPermission</p>
</td>
<td style="width:432px;" valign="top">
<p>Is used in .NET Socket operations.</p>
</td>
</tr>
</table>
<p>When you deploy an assembly, you must take into consideration all the assemblies that can be referenced from the original assembly. db4o can be deployed with the following additional assemblies:</p>
<ul>
<li value="1">Db4objects.Db4o.NativeQueries.dll : for runtime <a href="../basics/querying/native_queries.htm">NQ</a> optimization;</li>
<li value="2">Db4objects.Db4o.Instrumentation.dll : bytecode instrumentation library (required for <a href="../basics/querying/native_queries.htm">NQ</a> optimization).</li>
</ul>
<p>The following table lists the permission requirements of these auxiliary assemblies:</p>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td style="width:454px;" valign="top">
<p><b>Assembly</b>
</p>
</td>
<td style="width:454px;" valign="top">
<p><b>Permission requirements</b>
</p>
</td>
</tr>
<tr>
<td style="width:454px;" valign="top">
<p>Db4objects.Db4o.NativeQueries</p>
</td>
<td style="width:454px;" valign="top">
<ul>
<li value="1">No specific permissions </li>
</ul>
</td>
</tr>
<tr>
<td style="width:454px;" valign="top">
<p>Db4objects.Db4o.Instrumentation</p>
</td>
<td style="width:454px;" valign="top">
<ul>
<li value="1">SecurityPermission(UnmanagedCode)</li>
<li value="2">UIPermission </li>
</ul>
</td>
</tr>
</table>
<p MadCap:conditions="Primary.Online">Download example permission:</p>
<p MadCap:conditions="Primary.Online"><a href="sandbox.permcalc.xml">permcalc.xml</a>
</p>
<script type="text/javascript" src="../SkinSupport/MadCapBodyEnd.js">
</script>
</body>
</html>
