[IronPython] restrict scripting access
Michael Foord
fuzzyman at voidspace.org.uk
Mon Jun 30 14:26:35 CEST 2008
Dody Gunawinata wrote:
> In the IronPython hosting API, unless you specifically load the
> assembly, it will not be accessible through the script. So right now
> restricting access means configuring the assemblies you want to expose
> to the script.
>
But what is to stop the user code doing:
import clr
clr.AddReference('SomeAssembly')
Loading the ScriptRuntime into an AppDomain and restricting the
privileges on that is one way - but I don't think that IronPython will
work at all unless the AppDomain has pretty much full trust.
Michael Foord
> On Mon, Jun 30, 2008 at 3:09 PM, Ben Hall <ben2004uk at googlemail.com
> <mailto:ben2004uk at googlemail.com>> wrote:
>
> I thought this last night, it would be really useful if we could
> 'sandbox' the IP engine and limit it's access to certain areas of the
> framework.
>
>
>
> On Mon, Jun 30, 2008 at 12:57 PM, Rainer Worbis
> <r.worbis at cubido.at <mailto:r.worbis at cubido.at>> wrote:
> > No - for example i would like to prevent that the user loads
> assemblies and does own data access via System.Data.SqlClient.
> > Or uses specific parts of the applications. (which should be
> visible to other scripts). So access control per script would be
> optimal.
> >
> > Rainer
> >
> > -----Ursprüngliche Nachricht-----
> > Von: users-bounces at lists.ironpython.com
> <mailto:users-bounces at lists.ironpython.com>
> [mailto:users-bounces at lists.ironpython.com
> <mailto:users-bounces at lists.ironpython.com>] Im Auftrag von
> Korbinian Abenthum
> > Gesendet: Montag, 30. Juni 2008 13:47
> > An: Discussion of IronPython
> > Betreff: Re: [IronPython] restrict scripting access
> >
> > Rainer Worbis wrote:
> >> is there a way to restrict access to objects or namespaces
> >> within a script? We use IronPython for providing scripting
> >> functionality within our .NET Application but would like to
> >> restrict access to certain functions. Has anybody information
> >> or a sample how to do that?
> >
> > Can you declare the restricted objects as "internal"?
> >
> > Cheers,
> > Korbinian
> > _______________________________________________
> > Users mailing list
> > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
> > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
> > _______________________________________________
> > Users mailing list
> > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
> > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
> >
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
>
>
>
> --
> nomadlife.org <http://nomadlife.org>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
--
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/
http://www.trypython.org/
http://www.ironpython.info/
http://www.resolverhacks.net/
http://www.theotherdelia.co.uk/
More information about the Ironpython-users
mailing list