Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?
Posted by jpluimers on 2011/04/13
When using Entity Framework 4, your transofmrations (model to classes, DB to model, etc) are performed by T4 Text Templates.
Those templates are executed all over the place (when saving your project, building your project, changing your model, etc).
Since anyone can insert a T4 Text Template into Visual Studio, and those are scripts, it is a potential vulnerability.
The default Visual Studio behaviour is to show you a dialog like this:
[Security Warning] Running this text template can potentially harm your computer. Do not run it if you obtain if rtom an untrusted source. Click OK. to run the template. Click Cancel top stop the process. [X] Do not show this message again [OK] [Cancel]
Some blogs mention Just click OK and feel free to check “do not show this message again.”
I’m not sure I want that: it would indicate I always trust T4 Text Templates, even the ones added in the future (T4 Text Templates are executable content, malicious software could find it’s way into your development environment; anyone remember the virus that hooked itself into the run-time library sources of a development system so it would spread through anything compiled on that system?).
But I also don’t want to click OK on that dialog.
It would be so nice if the dialog:
- Showed which template is about to be executed
- Allowed me to skip only for that particular template
Anyone better thoughts on this?
–jeroen
Mayssa said
this problem is with template4 so go to TOOLS===>Options===>Text Templating ===>show security message will be false not true
and your project will be working
jpluimers said
Thanks for this solution. Much appreciated!
Mohammed said
i have the same question, and actual question why would Microsoft warns C# from executing EF TT which is a made-in-Microsoft thingie!!!!
jpluimers said
Did you ever find out a workaround?