The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,814 other followers

«
»

Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?

Posted by jpluimers on 2011/04/13

When using Entity Framework 4, your transofmrations (model to classes, DB to model, etc) are performed by T4 Text Templates.

Those templates are executed all over the place (when saving your project, building your project, changing your model, etc).

Since anyone can insert a T4 Text Template into Visual Studio, and those are scripts, it is a potential vulnerability.

The default Visual Studio behaviour is to show you a dialog like this:

[Security Warning]

Running this text template can potentially harm your computer. Do not run it if you
obtain if rtom an untrusted source.

Click OK. to run the template.
Click Cancel top stop the process.

[X] Do not show this message again

[OK]  [Cancel]

Some blogs mention Just click OK and feel free to check “do not show this message again.”

I’m not sure I want that: it would indicate I always trust T4 Text Templates, even the ones added in the future (T4 Text Templates are executable content, malicious software could find it’s way into your development environment; anyone remember the virus that hooked itself into the run-time library sources of a development system so it would spread through anything compiled on that system?).

But I also don’t want to click OK on that dialog.

It would be so nice if the dialog:

  1. Showed which template is about to be executed
  2. Allowed me to skip only for that particular template

Anyone better thoughts on this?

–jeroen

via Customizing EDM Code Gen in EF4 : Don’t Be Iffy.

This entry was posted on 2011/04/13 at 06:00 and is filed under .NET, C#, Delphi, Development, EF Entity Framework, Prism, Software Development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Entity Framework 4 – security warning popup workaround: Do you trust all the T4 “text templates” on your system, even future ones?”

  1. Mayssa said

    2017/09/15 at 11:49

    this problem is with template4 so go to TOOLS===>Options===>Text Templating ===>show security message will be false not true

    and your project will be working

    Reply

  2. Mohammed said

    2014/05/16 at 16:32

    i have the same question, and actual question why would Microsoft warns C# from executing EF TT which is a made-in-Microsoft thingie!!!!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: