Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Best Practices: Avoiding Potential Security Issues

Some of the X++ APIs may have potential security issues. For example, they might allow unauthorized access to the database or the Application Object Tree (AOT), if used in a nonsecure manner.

If a call to one of these potentially unsafe APIs generates a Best Practices error, this indicates that you should assess the security implications of using the method. You may need to apply Code Access Security by using one of the classes derived from CodeAccessPermission, and/or take other mitigating actions, such as validating user input.

When you are satisfied that the security implications of using the class have been investigated and mitigated, you can turn off the best practice error by adding the following comment above the call to the method.

// BP Deviation documented

There is more information about the mitigations for each potentially unsafe API in the Help topics for the classes you received the error message for.

For more information about the APIs protected by Code Access Security, see Secured APIs.

Microsoft Dynamics AX conducts a best practices check of the XML comments to be sure that you provide documentation in the appropriate tags. For information about how to set the options for best practice checks, see Best Practice Options.

The following table lists the best practices error messages and how to fix the errors.

Message

Message type

How to fix the error or warning

TwC: Validate data displayed in form is fetched using record level security. Dangerous API %1 used.

Error

Assess the security implications of using the method. You may need to apply Code Access Security by using one of the classes derived from CodeAccessPermission. For information about record level security, see Record Level Security. For more information about security, see Writing Secure X++ Code.

Community Additions

ADD
Show:
© 2015 Microsoft