Skip to content

breaking-changes-to-database-engine-features-in-sql-server-2017.md

Latest commit

 

History

History
53 lines (39 loc) · 3.76 KB

breaking-changes-to-database-engine-features-in-sql-server-2017.md

File metadata and controls

53 lines (39 loc) · 3.76 KB

title: "Breaking Changes to Database Engine Features in SQL Server 2017 | Microsoft Docs" description: "Breaking changes to Database Engine Features in SQL Server 2017" ms.date: "04/19/2017" ms.prod: sql ms.prod_service: high-availability ms.component: "database-engine" ms.reviewer: "" ms.suite: "sql" ms.custom: "" ms.technology:

  • "database-engine" ms.tgt_pltfrm: "" ms.topic: conceptual helpviewer_keywords:
  • "breaking changes 2017 [SQL Server]" ms.assetid: caps.latest.revision: 1 author: MikeRayMSFT ms.author: mikeray manager: craigg monikerRange: ">=sql-server-2017||=sqlallproducts-allversions||>=sql-server-linux-2017"

Breaking Changes to Database Engine Features in [!INCLUDEsssqlv14-md]

[!INCLUDEtsql-appliesto-ss2017-xxxx-xxxx-xxx-md]

This topic describes breaking changes in the [!INCLUDEsssqlv14-md][!INCLUDEssDE]. These changes might break applications, scripts, or functionalities that are based on earlier versions of [!INCLUDEssNoVersion]. You might encounter these issues when you upgrade.

Breaking Changes in [!INCLUDEsssqlv14-md][!INCLUDEssDE]

  • CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. Beginning with [!INCLUDEsssqlv14-md][!INCLUDEssDE], an sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. clr strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS CLR assemblies as if they were marked UNSAFE. The clr strict security option can be disabled for backward compatibility, but this is not recommended. When clr strict security is disabled, a CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. After enabling strict security, any assemblies that are not signed will fail to load. Also, if a database has SAFE or EXTERNAL_ACCESS assemblies, RESTORE or ATTACH DATABASE statements can complete, but the assemblies may fail to load.
    To load the assemblies, you must either alter or drop and recreate each assembly so that it is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY permission on the server. For more information, see CLR strict security.

Previous Versions

See Also

Deprecated Database Engine Features in SQL Server 2016
Discontinued Database Engine Functionality in SQL Server 2016
SQL Server Database Engine Backward Compatibility
ALTER DATABASE Compatibility Level (Transact-SQL)