System.Xml.XmlSecureResolver objects can contain sensitive information such as user credentials. You should be careful when caching System.Xml.XmlSecureResolver objects and should not pass the System.Xml.XmlSecureResolver object to an untrusted component.

There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the System.Xml.XmlSecureResolver class when you have evidence that is based on a URL (This can occur when you use the XmlSecureResolver.CreateEvidenceForUrl(string) method or the XmlSecureResolver.#ctor(XmlResolver, string) constructor). The policy resolution mechanism of the SQL Server integrated CLR does not utilize the System.Security.Policy.Url or System.Security.Policy.Zone information. Instead, the SQL Server integrated CLR grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the System.Xml.XmlSecureResolver in the SQL Server integrated CLR, provide any required evidence directly using a specified System.Security.PermissionSet.