The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,312 other followers

Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?

Posted by jpluimers on 2011/04/13

When using Entity Framework 4, your transofmrations (model to classes, DB to model, etc) are performed by T4 Text Templates.

Those templates are executed all over the place (when saving your project, building your project, changing your model, etc).

Since anyone can insert a T4 Text Template into Visual Studio, and those are scripts, it is a potential vulnerability.

The default Visual Studio behaviour is to show you a dialog like this:

[Security Warning]

Running this text template can potentially harm your computer. Do not run it if you
obtain if rtom an untrusted source.

Click OK. to run the template.
Click Cancel top stop the process.

[X] Do not show this message again

[OK]  [Cancel]

Some blogs mention Just click OK and feel free to check “do not show this message again.”

I’m not sure I want that: it would indicate I always trust T4 Text Templates, even the ones added in the future (T4 Text Templates are executable content, malicious software could find it’s way into your development environment; anyone remember the virus that hooked itself into the run-time library sources of a development system so it would spread through anything compiled on that system?).

But I also don’t want to click OK on that dialog.

It would be so nice if the dialog:

  1. Showed which template is about to be executed
  2. Allowed me to skip only for that particular template

Anyone better thoughts on this?

–jeroen

via Customizing EDM Code Gen in EF4 : Don’t Be Iffy.

4 Responses to “Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?”

  1. Mayssa said

    this problem is with template4 so go to TOOLS===>Options===>Text Templating ===>show security message will be false not true

    and your project will be working

  2. Mohammed said

    i have the same question, and actual question why would Microsoft warns C# from executing EF TT which is a made-in-Microsoft thingie!!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: