When building a project from the command line, Microsoft Dynamics AX
reporting tools does not perform any checks for unsafe entries in the project file.
The project file entries are not analyzed by Microsoft Dynamics AX reporting
tools from a security perspective. Therefore, it is strongly recommended that you
do not build third-party reporting projects from the command line. Build from the
command line only in trusted scenarios.
Microsoft Visual Studio, with the help of MSBuild, analyzes unsafe entries in a
project file when it is loaded and warns you about them. An example of an unsafe
entry is the redirection of the project output path to a system folder. For example,
the output path could be redirected to C:\Windows, which could overwrite a
system file. Or, the output path could be redirected so as to overwrite a default
MSBuild property for Microsoft Dynamics AX reporting tools projects. When
attempting to open a reporting project that contains unsafe entries, a dialog box
displays that prompts you not to open the project. If you experience this, you
should inspect the unsafe entries as you decide whether to open the project.
Project files, model files, code files, and referenced assemblies should always be
placed in a safe location whether it is a local folder, network share, or source
code control database. The default project location for Microsoft Visual Studio
projects is \My Documents\Visual Studio 2010\Projects, which is protected by
the administrator and current user access control lists.
Threat detection in a business logic project is limited to the functionality
provided by standard C# and Visual Basic project systems in Microsoft Visual
Studio. The current implementation of the C# and Visual Basic project systems
displays only the first detected threat in the project file. Therefore, if you skip the
threat and load the project file, all other threats that exist in the project file will
be skipped.
The build cache file has an internal binary structure. The first violation of this
structure that is discovered will force the compilation to regenerate the file. If the
file is modified without violating the structure, the issue will not be mitigated,
but you can invoke a clean build to regenerate the build cache file to eliminate
the threat.
Regards,
Hossein Karimi
AX,365,NAV(tutorials: tips and tricks)
Monday, July 30, 2018
Projects and Builds Reporting
+10 years of experience with hands-on lead-level background in the full life cycle of software development with demonstrated cross-functional team leadership skills.
Programming:
• ERP :Microsoft Dynamics AX 2012
• Language :X++, C#, C++, XAML, Asp.Net, Html, VB.Net, Android
• Environment : Windows XP, Windows 8, Windows 10, Windows Server
• DataBase : Oracle 9i,10g,11g and SqlServer and SQLlite
Subscribe to:
Post Comments (Atom)
-
The below select query will give the both the Sales Line record count and the sum of sales quantity. static void Test_Data(Args _args) ... -
In Reporting Services, reports and resources are processed under the security identity of the user who is running the report. If the report ...
-
A List object contains members that are accessed sequentially. Lists are structures that can contain members of any X++ type. All the member...
No comments:
Post a Comment