When using Entity Framework 4, your transofmrations (model to classes, DB to model, etc) are performed by T4 Text Templates.
Those templates are executed all over the place (when saving your project, building your project, changing your model, etc).
Since anyone can insert a T4 Text Template into Visual Studio, and those are scripts, it is a potential vulnerability.
The default Visual Studio behaviour is to show you a dialog like this:
[Security Warning] Running this text template can potentially harm your computer. Do not run it if you obtain if rtom an untrusted source. Click OK. to run the template. Click Cancel top stop the process. [X] Do not show this message again [OK] [Cancel]
Some blogs mention Just click OK and feel free to check “do not show this message again.”
I’m not sure I want that: it would indicate I always trust T4 Text Templates, even the ones added in the future (T4 Text Templates are executable content, malicious software could find it’s way into your development environment; anyone remember the virus that hooked itself into the run-time library sources of a development system so it would spread through anything compiled on that system?).
But I also don’t want to click OK on that dialog.
It would be so nice if the dialog:
- Showed which template is about to be executed
- Allowed me to skip only for that particular template
Anyone better thoughts on this?
–jeroen
via Customizing EDM Code Gen in EF4 : Don’t Be Iffy.
