Security Requirements On .NET Platform

This topic applies to .NET version only.

db4o requires certain security permissions to be granted for successfull execution. It is important to know these permission requirements if the environment where db4o will be used is not fully trusted. .NET security model is out of scope of this article, to find out more about it use internet search on ".NET security permissions".

Security permissions of an assembly can be calculated with the help of PermCalc tool, which can be found in VS2005 installation:

[Visual Studio Home]\SDK\v2.0\Bin

The following command line will calculate the minimum security permissions for Db4objects.Db4o.dll and will safe them in xml format Sandbox.Permcalc.xml document:

PermCalc.exe -sandbox Db4objects.Db4o.dll

The output should look like this:

Db4o.Xml

01<?xml version="1.0"?>
02<Sandbox>
03  <PermissionSet version="1" class="System.Security.PermissionSet">
04    <IPermission version="1" class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Read="*AllFiles*" PathDiscovery="*AllFiles*" />
05    <IPermission version="1" class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Flags="MemberAccess" />
06    <IPermission version="1" class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Flags="UnmanagedCode, Execution, ControlEvidence, SerializationFormatter, ControlAppDomain" />
07    <IPermission Window="SafeSubWindows" Clipboard="OwnClipboard" version="1" class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
08    <IPermission version="1" class="System.Security.Permissions.KeyContainerPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Unrestricted="true" />
09  </PermissionSet>
10</Sandbox>

(UIPermission is not required).

The table below contains short explanation of each permission requirement. For the complete list of method calls requiring special security permissions, please run permcalc tool with -Stacks parameter. (More information on PermCalc can be found on MSDN site).

Permission name	Functionality
FileIOPermission	File read, write and create permissions are required for the corresponding operations on the database file. db4o does not restrict the location of a database file, therefore these permissions and browsing permission is required for all files in the system.
ReflectionPermission	db4o ability to create runtime objects from the database data is based on reflection. Reflection should be allowed.
SecurityPermission:
UnmanagedCode	Unmanaged code is used internally for file access and socket operations.
Execution	Permission for the code to run. Without this permission, managed code will not be executed.
ControlEvidence	Is required internally to make use of some .NET functionality
SerializationFormatter	Used to utilize serialization services (formatters)
ControlAppDomain	Utilized with AppDomain functions.
KeyContainerPermission	Is used in .NET Socket operations.

When you deploy an assembly, you must take into consideration all the assemblies that can be referenced from the original assembly. db4o can be deployed with the following additional assemblies:

Db4objects.Db4o.NativeQueries.dll : for runtime NQ optimization;
Db4objects.Db4o.Instrumentation.dll : bytecode instrumentation library (required for NQ optimization).

The following table lists the permission requirements of these auxiliary assemblies:

Assembly	Permission requirements
Db4objects.Db4o.NativeQueries	No specific permissions
Db4objects.Db4o.Instrumentation	SecurityPermission(UnmanagedCode) UIPermission