3

I need to get pointed in the right direction. I have embedded an Iron Python scripting host into a simple C# application, but now I need to know the best practices for locking down security on a user generated IronPython or IronRuby script.

Specifically, what are the strategies for preventing library imports and isn't there a way in .NET to run a block of code or a thread in a different security context, for instance to prevent file system access? Also, can this context be assigned a built-in level or role rather than an actual user?

Thanks!

Improve this question

1 Answer 1

Reset to default
5

You should run scripting host in different appdomain, and setup Security Policies via Evidence property using sandboxing API

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Sergey, Would that prevent an IronPython open('c:\\file.txt') call?
not sure about Python, but if it opens file using System.IO namespace definitely yes.
I guess you're an IronRuby guy. Would a locked down AppDomain prevent ruby's native file methods from working?
Of course! remember that IronRuby's native file methods are eventually System.IO operations.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.