I’ve been hearing from some folk that they consider the SQLCLR functionality in SQL Server 2005 to be a potential security hole. Some have even gone so far as to say that they plan to leave it disabled (it’s not enabled by default). When pressed, many can’t articulate what their specific concerns are, or they raise concerns that aren’t valid — that the architecture already addresses. At first blush, not using this wonderful facility because of vague security concerns seems a bit much. I think the dev team has done a reasonably good job of locking it down and balancing functionality with security. That said, I’m interested to hear your opinions. Do you think it makes sense for security-conscious users to disable SQLCLR and avoid apps that use it? If you see SQLCLR as a security threat, what specific issues are you worried about?