Bug #64716 MySql.Data in GAC, still SecurityException
Submitted: 21 Mar 2012 8:16
Modified: 10 Oct 2012 16:09
Reporter: Dennis Minderhoud
Status: No Feedback
Category: Connector / NET
Severity: S1 (Critical)
Version: 6.5.4.0
OS: Windows (vista, 7, 2008)
Assigned to: Assigned Account
CPU Architecture: Any
Tags: MySql data GAC trust security exception

[21 Mar 2012 8:16] Dennis Minderhoud
Description:
I have a problem with MySql.Data in a partial trusted environment. I've added MySql.Data to the GAC (by installing it with the MSI from the mysql.com site). As you can see here:

>gacutil /l | grep -i mysql
  MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL
  MySql.Data.CF, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL
  MySql.Data.Entity, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL
  MySql.Web, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d, processorArchitecture=MSIL

>

I've added the following to my web.config:

<configuration>
    <system.web>
      <trust level="Vevida"/>
      <compilation debug="true" targetFramework="4.0">
        <assemblies>
          <add assembly="MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
        </assemblies>
      </compilation>
    </system.web>    
</configuration>

But I still get the following exception: Exception Details: System.Security.SecurityException: Request for the permission of type 'MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d' failed.

It is thrown when I try to open a connection.

I'm not sure what I can check more. According to the MySql documentation, I need at least the following permissions: System.Net.SocketPermission, System.Security.Permissions.ReflectionPermission, System.Net.DnsPermission, and System.Security.Permissions.SecurityPermission

In my trust level I have these:

<IPermission
    class="SocketPermission"
    version="1"
    Unrestricted="true">
</IPermission>
<IPermission
    class="ReflectionPermission"
    version="1"
    Flags="RestrictedMemberAccess"/>
<IPermission
    class="DnsPermission"
    version="1"
    Unrestricted="true"/>
<IPermission
    class="SecurityPermission"
    version="1"
    Flags="Execution,ControlPrincipal,ControlThread,SerializationFormatter"/>

As far as I can see in the documentation, this is enough. Also tried to set the SecurityPermission and ReflectionPermission to unrestricted, this didn't help.

How to repeat:
Described as above

Suggested fix:
N/A
[9 Apr 2012 4:08] Gabriela Martinez Sanchez
Hi Dennis, I've been reviewing this issue and found out that there's a workaround already. It consists of adding the new MySqlClientPermission class to the medium trust web configuration file. This is just a workaround, though, since the right solution would be demanding the permissions inside the connector, which is the fix we're coding. Could you please let us know if the workaround worked for you?

Thanks in advance.
[10 Apr 2012 8:13] Dennis Minderhoud
We've implemented the workaround for this moment.
It works as expected, but we'd like to use it in the manner it should be (the demand from the connector itself).
Please keep us informed about the solution.
[17 May 2012 20:43] Gabriela Martinez Sanchez
According to the ASP.NET documentation, there is indeed a setup in the service configuration of the Web Hosting Provider, so this issue is not a bug but a missed configuration when using medium trust. From version 6.5.x, a new class was introduced as part of the implementation for medium/partial trust scenarios, so users have to add this new class inside the trust policy file of the hosting provider. If the hosting provider configuration allows overriding the policy at the application level, then this can be done in the web.config file in the root directory of the web application; otherwise this will have to be added in the medium trust configuration file.

The way you must include the MySQLClientPermissions is as follows:

1 - For the section of the SecurityClasses you should add the definition of the MySQLClientPermission class. Please replace the x in the version field with the exact version of Connector/Net 6.5 you're using.

 <SecurityClass Name="MySqlClientPermission"  Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.x.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />

2 - For the section of the NamedPermissionSets add:

<IPermission class="MySqlClientPermission" version="1">
  <add connectionString="Server=;Database=;User=;Password=;Port=;"
       restrictions=""
       KeyRestrictionBehavior="PreventUsage" />
</IPermission>

Notice that this includes the properties you'll be using in all your connection strings. If you want to use a non-restricted way you can use:

   <IPermission  class="MySqlClientPermission"   version="1"  Unrestricted="true"  />

We always encourage you to make a back up before doing any changes to avoid any configuration issue after this set up.

Please let us know if you need further information.
[29 May 2012 7:55] Jan Reilink
We're the webhosting company where Dennis' company hosts some websites.

We've included MySQLClientPermissions exactly as you described. From our .NET configuration:

<SecurityClass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />

<IPermission
	class="MySqlClientPermission"
	version="1">
	<add
		connectionString="Server=;Database=;User=;Password=;Port=;Pooling=;"
		restrictions=""
		KeyRestrictionBehavior="PreventUsage"
	/>
</IPermission>

Shouldn't be too much wrong with this. We've also played with Unrestricted="true", which doesn't function either.

Also see http://www.saotn.nl/2012/03/28/mysql-connector-net-6-5-partial-trust/ and http://stackoverflow.com/questions/9792920/mysql-data-in-gac-still-securityexception and http://bugs.mysql.com/bug.php?id=65036 for more on this MySQLClientPermissions issue.

It could be that the ReflectionPermission is the wrongdoer; the default hosted setting is "RestrictedMemberAccess", which generates errors. When set to MemberAccess, the Connector/NET driver functions.
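
Added example, not part of the thread and not Connector/NET or hosting-provider code: a Python audit of a trust policy file for the two steps described above (the SecurityClass definition and the IPermission grant) plus the ReflectionPermission flag reported in the comment above. The sample policy is constructed, and the example assumes every IPermission class is a short name resolved through a SecurityClass entry.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed policy file shaped like a medium trust
# policy file, carrying entries of the kind quoted in this thread.
SAMPLE_POLICY = """<configuration><mscorlib><security><policy><PolicyLevel version="1">
 <SecurityClasses>
  <SecurityClass Name="MySqlClientPermission" Description="MySql.Data.MySqlClient.MySqlClientPermission, MySql.Data, Version=6.5.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d"/>
  <SecurityClass Name="ReflectionPermission" Description="System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
 </SecurityClasses>
 <NamedPermissionSets>
  <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net">
   <IPermission class="MySqlClientPermission" version="1" Unrestricted="true"/>
   <IPermission class="ReflectionPermission" version="1" Flags="RestrictedMemberAccess"/>
   <IPermission class="DnsPermission" version="1" Unrestricted="true"/>
  </PermissionSet>
 </NamedPermissionSets>
</PolicyLevel></policy></security></mscorlib></configuration>"""

def audit_policy(policy_xml, connector_version, set_name="ASP.Net"):
    """Return a list of findings about the MySqlClientPermission setup."""
    root = ET.fromstring(policy_xml)
    findings = []
    classes = {sc.get("Name"): sc.get("Description", "")
               for sc in root.iter("SecurityClass")}
    pset = next((p for p in root.iter("PermissionSet")
                 if p.get("Name") == set_name), None)
    if pset is None:
        return [f"permission set {set_name!r} not found"]
    perms = {ip.get("class"): ip for ip in pset.iter("IPermission")}
    for name in perms:
        # Step 1: each granted class needs a matching SecurityClass entry.
        if name not in classes:
            findings.append(f"{name}: IPermission has no SecurityClass definition")
    mysql = perms.get("MySqlClientPermission")
    if mysql is None:
        findings.append("MySqlClientPermission: not granted in permission set")
    else:
        desc = classes.get("MySqlClientPermission", "")
        if desc and f"Version={connector_version}," not in desc:
            findings.append("MySqlClientPermission: SecurityClass version differs from connector")
        if mysql.get("Unrestricted", "").lower() == "true":
            findings.append("MySqlClientPermission: Unrestricted grant in use")
    refl = perms.get("ReflectionPermission")
    if refl is not None and refl.get("Unrestricted", "").lower() != "true":
        flags = {f.strip() for f in refl.get("Flags", "").split(",")}
        if "MemberAccess" not in flags:
            findings.append("ReflectionPermission: MemberAccess flag not granted")
    return findings
```

Call `audit_policy(SAMPLE_POLICY, "6.5.4.0")` with the version string reported by `gacutil /l`; an empty list means none of the checked conditions were found.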
[2 Jun 2012 16:02] Gabriela Martinez Sanchez
Hi Jan, thanks for your report. I have personally tested the configuration and it worked for me. What I did was to update the medium trust web config file (%windir%\Microsoft.NET\Framework\{version}\CONFIG) as you described. In order to see what the problem is, could you please post the error you're getting along with the stack trace?
Thanks in advance.
[3 Jul 2012 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[10 Sep 2012 16:00] pablo tierno
I am having the same issues with this version. Is there a way to get it working?
[10 Sep 2012 16:09] Gabriela Martinez Sanchez
Hi Pablo, Could you please tell us more details in order to know what the problem is:

- Which Connector/Net version you're working with.
- Which ASP.Net version.
- What is the error message you are getting and the Call Stack.

Hope you can give us more information.
Thanks.
[11 Oct 2012 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".