[IronPython] Scripting use with security pointers wanted
Michael Latta
lattam at mac.com
Sun Oct 23 08:01:00 CEST 2005
I would like to use IronPython for scripting, but that poses large security
concerns.
Any pointers would be welcome.
1) How to run the scripting code in a secure manner, but give it access to
the public API needed to script the application.
2) How do I run IronPython code in a separate AppDomain?
3) How do I give that other app domain restricted access to my API?
4) How do I set it up so the app domain is running with low security
privileges?
Most of this is not specific to IronPython, but hopefully someone here has
done this already. It would be great if there were a standard module/method
for doing this out of the box. I could see having a generic class
IronPythonScript<API> that takes an API type and results in an object that
manages the other app domain, and exposes an interface for loading and
executing scripts, while providing an object of the API type to the scripts
as a point of interface with the application.
Michael
More information about the Ironpython-users
mailing list