<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’d recommend “Customizing the Microsoft® .NET Framework Common
Language Runtime” (http://www.microsoft.com/MSPress/books/6895.aspx ) for
learning about the specific CLR knobs to twist in this scenario.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Harry<o:p></o:p></span></p>
<p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></a></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
users-bounces@lists.ironpython.com [mailto:users-bounces@lists.ironpython.com] <b>On
Behalf Of </b>Dino Viehland<br>
<b>Sent:</b> Friday, March 28, 2008 2:33 PM<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> Re: [IronPython] DLR Hosting Question<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>That’s the theory – unfortunately I’m not sure exactly what
knobs to twist in the CLR to accomplish it though.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
users-bounces@lists.ironpython.com [mailto:users-bounces@lists.ironpython.com] <b>On
Behalf Of </b>Michael Cummings<br>
<b>Sent:</b> Friday, March 28, 2008 9:46 AM<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> Re: [IronPython] DLR Hosting Question<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>I was afraid of that. So, if I
am reading your response correctly...<br>
<br>
I can from my Apps AppDomain ( Primary ) create a second AppDomain ( Secondary
) which has limited permissions, specifically for me loading assemblies. I can then
use the DLR in the Secondary AppDomain and use the DLR API to load the
Assemblies I want.<br>
<br>
That about sum it up. I know that there may be ways around it, I'm just trying
to be secure enough at this point.<br>
<br>
Thanks,<br>
<br>
Michael<o:p></o:p></p>
<div>
<p class=MsoNormal>On Thu, Mar 27, 2008 at 8:50 PM, Dino Viehland <<a
href="mailto:dinov@exchange.microsoft.com">dinov@exchange.microsoft.com</a>>
wrote:<o:p></o:p></p>
<div>
<div>
<p><span style='font-size:11.0pt;color:#1F497D'>There's no way to currently do
this from the DLR and I suspect it's beyond the scope of both the DLR and
IronPython. What you might be able to do is create an AppDomain with
limited permissions and therefore prevent the loading of assemblies at the
lower level. Once you've done that the DLR hosting APIs have support for
loading them in a remote app domain.</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>The reason why we wouldn't do
this directly is it's very hard to prevent access. Once you can do import
clr you can do:</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>clr.GetClrType(str).Assembly.System.Reflection.Assembly.Load(…)</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>and there's likely other ways
to get around any walls we could put up (e.g. 'abc'.GetType().Assembly…
not to mention any othe APIs that could return types).</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p>
<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;
border-color:-moz-use-text-color -moz-use-text-color'>
<p><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:
10.0pt'> <a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a>
[mailto:<a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a>]
<b>On Behalf Of </b>Michael Cummings<br>
<b>Sent:</b> Thursday, March 27, 2008 12:01 PM<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> [IronPython] DLR Hosting Question</span><o:p></o:p></p>
</div>
<div>
<div>
<p> <o:p></o:p></p>
<p>Hi all,<br>
I'm putting together a seminar at our local Code Camp for hosting the
DLR and integration with applications. The hosting spec pdf is great however I
do have (at least) one question that isn't explained very well in the doc. How
can I restrict what assemblies can be loaded by a ScriptScope? To explain
further: If I use the following code to load a py script file<br>
<br>
ScriptRuntime env = ScriptRuntime.Create();<br>
ScriptEngine
eng = env.GetEngineByFileExtension( "py" );<br>
<br>
ScriptSource
source = eng.CreateScriptSourceFromString( form.Source, SourceCodeKind.File );<br>
<br>
source.Execute();<br>
<br>
Where form.Source is a string containing this :<br>
<br>
import sys<br>
<br>
import clr<br>
clr.AddReference("System.Windows.Forms")<br>
clr.AddReference("System")<br>
clr.AddReference("Microsoft.Xna.Framework")<br>
clr.AddReference("Microsoft.Xna.Framework.Graphics")<br>
clr.AddReference("Microsoft.Xna.Framework.Input")<br>
clr.AddReference("Bnoerj.AI.Steering.Demo.Plugins.Ctf")<br>
<br>
from Bnoerj.AI.Steering.Demo.Plugins.Ctf import CtfBase, Globals<br>
<br>
class CtfPythonSeeker(CtfBase):<br>
<br>
def __init__(self):<br>
Reset()<br>
<br>
def Reset(self):<br>
Globals.Instance.Seeker = self<br>
<br>
How can I prevent some references from being referenced, like
"Microsoft.Xna.Framework" but allow
"Bnoerj.AI.Steering.Demo.Plugins.Ctf"?<br>
<br>
Thanks in advance<br>
<br>
Michael<o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.ironpython.com">Users@lists.ironpython.com</a><br>
<a href="http://lists.ironpython.com/listinfo.cgi/users-ironpython.com"
target="_blank">http://lists.ironpython.com/listinfo.cgi/users-ironpython.com</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>