<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=gb2312">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:宋体;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"\@宋体";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Harlow Solid Italic";
        panose-1:4 3 6 4 2 15 2 2 13 2;}
@font-face
        {font-family:"Matura MT Script Capitals";
        panose-1:3 2 8 2 6 6 2 7 2 2;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:#0F243E;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#0F243E;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=ZH-CN link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'>Sorry, my English is so bad. I cannot write more details about
this topic.<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'>I had a sample to test the security of .NET FW. If you want it, you
can send mail to me (colin </span><span lang=EN-US style='font-size:5.5pt;
font-family:"Calibri","sans-serif";color:#0F243E'>DOT</span><span lang=EN-US
style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#0F243E'> han </span><span
lang=EN-US style='font-size:6.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'>AT</span><span lang=EN-US style='font-size:10.5pt;font-family:
"Calibri","sans-serif";color:#0F243E'> grapecity </span><span lang=EN-US
style='font-size:5.5pt;font-family:"Calibri","sans-serif";color:#0F243E'>DOT</span><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'> com). I will send it to you. <o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'><o:p>&nbsp;</o:p></span></p>

<div>

<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>----------------------------------------------------------------<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>Follow my heart<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><i><span
lang=EN-US style='font-size:10.5pt;font-family:"Harlow Solid Italic";
color:#4A442A'>Colin Han</span></i><i><span lang=EN-US style='font-size:10.5pt;
font-family:"Matura MT Script Capitals";color:#4A442A'> </span></i><i><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>@</span></i><span lang=EN-US style='font-size:10.5pt;font-family:
"Calibri","sans-serif";color:#4A442A'> </span><b><span lang=EN-US
style='font-size:10.5pt;font-family:"Cambria","serif";color:#4A442A'>MultiRow
Developer Team (A Strong Team)<o:p></o:p></span></b></p>

</div>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'><o:p>&nbsp;</o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> users-bounces@lists.ironpython.com
[mailto:users-bounces@lists.ironpython.com] <b>On Behalf Of </b>Han Kejing<br>
<b>Sent:</b> July 31, 2008 14:04<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> Re: [IronPython] Sandboxing using AppDomains<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'>Hi, Leo,<o:p></o:p></span></p>

<p class=MsoNormal style='text-indent:9.0pt'><span lang=EN-US style='font-size:
10.5pt;font-family:"Calibri","sans-serif";color:#0F243E'>Maybe the following
document is helpful for you.<o:p></o:p></span></p>

<p class=MsoNormal style='text-indent:9.0pt'><span lang=EN-US style='font-size:
10.5pt;font-family:"Calibri","sans-serif";color:#0F243E'><a
href="http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx">http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx</a><o:p></o:p></span></p>

<p class=MsoNormal style='text-indent:9.0pt'><span lang=EN-US style='font-size:
10.5pt;font-family:"Calibri","sans-serif";color:#0F243E'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal style='text-indent:9.0pt'><span lang=EN-US>PermissionSet.Deny
is not safe. User code may use PermissionSet.Assert to get the power easily.<o:p></o:p></span></p>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'><o:p>&nbsp;</o:p></span></p>


<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>----------------------------------------------------------------<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>Follow my heart<o:p></o:p></span></p>

<p class=MsoNormal style='text-align:justify;text-justify:inter-ideograph'><i><span
lang=EN-US style='font-size:10.5pt;font-family:"Harlow Solid Italic";
color:#4A442A'>Colin Han</span></i><i><span lang=EN-US style='font-size:10.5pt;
font-family:"Matura MT Script Capitals";color:#4A442A'> </span></i><i><span
lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#4A442A'>@</span></i><span lang=EN-US style='font-size:10.5pt;font-family:
"Calibri","sans-serif";color:#4A442A'> </span><b><span lang=EN-US
style='font-size:10.5pt;font-family:"Cambria","serif";color:#4A442A'>MultiRow
Developer Team (A Strong Team)<o:p></o:p></span></b></p>

<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:"Calibri","sans-serif";
color:#0F243E'><o:p>&nbsp;</o:p></span></p>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> users-bounces@lists.ironpython.com
[mailto:users-bounces@lists.ironpython.com] <b>On Behalf Of </b>Leo Carbajal<br>
<b>Sent:</b> July 31, 2008 10:07<br>
<b>To:</b> Users@lists.ironpython.com<br>
<b>Subject:</b> [IronPython] Sandboxing using AppDomains<o:p></o:p></span></p>

</div>

<p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p>

<div>

<p class=MsoNormal><span lang=EN-US>Howdy all,<br>
<br>
I know this is a topic that comes up again and again but I was hoping I could
get a bit of understanding from someone.<br>
<br>
So, like many others, I'm looking to get IPy to work in a relatively safe
environment. My application is a game-server and exposes many entry points for
user created scripts to essentially extend the game's reactions. Because these
scripts are open to the public I need to be sure that it cannot do nasty things
like delete all the script files, my app or anything else on the server, access
my other non-exposed functions, etc. <br>
<br>
Anyway, so after reading up a little on AppDomains it sounds like running IPy
through one could be a little prohibitive. I'm not really passing value-types
to work on, I'm allowing the scripts to directly access and modify the objects
themselves. I guess I'm not sure if what I want to do will even work, and I
haven't had a chance to put together a test. The use of scripting in the
application is extensive so I worry that I may have to scale back - or risk
having someone one day using a little reflection to snoop out my app's API and
calling functions that the scriptShell was never intended to be able to use.<br>
<br>
Would using permission.Deny for the permissions I want to disallow be enough to
keep things safe? I.E. something like:<br>
<br>
//elsewhere<br>
private static PermissionSet ps = new PermissionSet(PermissionState.None);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ps.AddPermission(new
SecurityPermission(SecurityPermissionFlag.Execution));<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ps.AddPermission(new
FileIOPermission(FileIOPermissionAccess.PathDiscovery |
FileIOPermissionAccess.Read, Path));<br>
<br>
public static void PlayFirstFile(Item caller)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
locals.Add(&quot;Artifact&quot;, new ScriptableItem(caller));<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string
script = (Path +
&quot;script.py&quot;);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ps.Deny();<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
engine.ExecuteFile(script, engine.DefaultModule, locals);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
locals.Clear();<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
<br>
ScriptableItem, by the way, is a class wrapper to hide private methods in Item
after I found out that passing something as a template doesn't work to occlude
methods\properties I don't want called. =\<br>
<br>
I'm a little lost when it comes to all this security stuff, I could really use
a bit of explanation and would really appreciate any help that can come this
way.<br>
<br>
I'm using IronPython 1.1.2 as I haven't had the chance to sit down and really
play with 2.0, it seems a bit more convoluted to set up but that's entirely a
from-the-outside perspective at the moment.<br>
<br>
---<br>
LC<o:p></o:p></span></p>

</div>
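
<p class=MsoNormal><span lang=EN-US>Added example, not part of the original
thread and not IronPython project code: the reply above says Deny can be undone
by an Assert from user code, whereas a sandboxed AppDomain fixes the grant set
for the code loaded into it, so the same Assert is refused. ScriptRunner, the
scripts directory and probe.txt are hypothetical names; the code assumes .NET
Framework 2.0 or later and uses ScriptRunner as a stand-in for an engine hosted
inside the sandbox.</span></p>

<pre>
```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for the object that would host the script engine.
// It is instantiated inside the sandbox, so it runs with the sandbox grant set only.
public class ScriptRunner : MarshalByRefObject
{
    public string TryWrite(string path)
    {
        try
        {
            // Constructed probe: Assert file access, then try to write.
            new FileIOPermission(PermissionState.Unrestricted).Assert();
            File.WriteAllText(path, "x");
            return "written";
        }
        // Which call is refused depends on the runtime version; both cases are a block.
        catch (SecurityException e) { return "blocked: " + e.GetType().Name; }
        catch (InvalidOperationException e) { return "blocked: " + e.GetType().Name; }
    }
}

public static class SandboxDemo
{
    public static void Main()
    {
        string baseDir = AppDomain.CurrentDomain.BaseDirectory;
        string scriptDir = Path.Combine(baseDir, "scripts"); // assumed layout

        // Grant set: what the script domain is allowed to do, not a list to deny.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read, scriptDir));

        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = baseDir;

        // No full-trust list: non-GAC assemblies loaded here get only the grant set.
        AppDomain sandbox = AppDomain.CreateDomain("ScriptSandbox", null, setup, grant);

        ScriptRunner runner = (ScriptRunner)sandbox.CreateInstanceAndUnwrap(
            typeof(ScriptRunner).Assembly.FullName, typeof(ScriptRunner).FullName);
        Console.WriteLine(runner.TryWrite(Path.Combine(scriptDir, "probe.txt")));
        AppDomain.Unload(sandbox);
    }
}
```
</pre>

<p class=MsoNormal><span lang=EN-US>Objects handed to code in the sandbox have
to derive from MarshalByRefObject or be serializable in order to cross the
AppDomain boundary.</span></p>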

</div>

</body>

</html>