The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,856 other followers

Archive for April 13th, 2011

Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?

Posted by jpluimers on 2011/04/13

When using Entity Framework 4, your transofmrations (model to classes, DB to model, etc) are performed by T4 Text Templates.

Those templates are executed all over the place (when saving your project, building your project, changing your model, etc).

Since anyone can insert a T4 Text Template into Visual Studio, and those are scripts, it is a potential vulnerability.

The default Visual Studio behaviour is to show you a dialog like this:

[Security Warning]

Running this text template can potentially harm your computer. Do not run it if you
obtain if rtom an untrusted source.

Click OK. to run the template.
Click Cancel top stop the process.

[X] Do not show this message again

[OK]  [Cancel]

Some blogs mention Just click OK and feel free to check “do not show this message again.”

I’m not sure I want that: it would indicate I always trust T4 Text Templates, even the ones added in the future (T4 Text Templates are executable content, malicious software could find it’s way into your development environment; anyone remember the virus that hooked itself into the run-time library sources of a development system so it would spread through anything compiled on that system?).

But I also don’t want to click OK on that dialog.

It would be so nice if the dialog:

  1. Showed which template is about to be executed
  2. Allowed me to skip only for that particular template

Anyone better thoughts on this?


via Customizing EDM Code Gen in EF4 : Don’t Be Iffy.

Posted in .NET, C#, Delphi, Development, EF Entity Framework, Prism, Software Development | 4 Comments »

%d bloggers like this: