[IronPython] restrict scripting access
Dody Gunawinata
empirebuilder at gmail.com
Mon Jun 30 14:33:28 CEST 2008
That you can filter our from the python source code or replace such call
with exception ("bzz, can't load AddReference") - Yeah, it's a pretty nasty
workaround, but it works.
Dody G.
On Mon, Jun 30, 2008 at 3:26 PM, Michael Foord <fuzzyman at voidspace.org.uk>
wrote:
> Dody Gunawinata wrote:
>
>> In the IronPython hosting API, unless you specifically load the assembly,
>> it will not be accessible through the script. So right now restricting
>> access means configuring the assemblies you want to expose to the script.
>>
>>
> But what is to stop the user code doing:
>
> import clr
> clr.AddReference('SomeAssembly')
>
> Loading the ScriptRuntime into an AppDomain and restricting the privileges
> on that is one way - but I don't think that IronPython will work at all
> unless the AppDomain has pretty much full trust.
>
> Michael Foord
>
> On Mon, Jun 30, 2008 at 3:09 PM, Ben Hall <ben2004uk at googlemail.com<mailto:
>> ben2004uk at googlemail.com>> wrote:
>>
>> I thought this last night, it would be really useful if we could
>> 'sandbox' the IP engine and limit it's access to certain areas of the
>> framework.
>>
>>
>>
>> On Mon, Jun 30, 2008 at 12:57 PM, Rainer Worbis
>> <r.worbis at cubido.at <mailto:r.worbis at cubido.at>> wrote:
>> > No - for example i would like to prevent that the user loads
>> assemblies and does own data access via System.Data.SqlClient.
>> > Or uses specific parts of the applications. (which should be
>> visible to other scripts). So access control per script would be
>> optimal.
>> >
>> > Rainer
>> >
>> > -----Ursprüngliche Nachricht-----
>> > Von: users-bounces at lists.ironpython.com
>> <mailto:users-bounces at lists.ironpython.com>
>> [mailto:users-bounces at lists.ironpython.com
>> <mailto:users-bounces at lists.ironpython.com>] Im Auftrag von
>> Korbinian Abenthum
>> > Gesendet: Montag, 30. Juni 2008 13:47
>> > An: Discussion of IronPython
>> > Betreff: Re: [IronPython] restrict scripting access
>> >
>> > Rainer Worbis wrote:
>> >> is there a way to restrict access to objects or namespaces
>> >> within a script? We use IronPython for providing scripting
>> >> functionality within our .NET Application but would like to
>> >> restrict access to certain functions. Has anybody information
>> >> or a sample how to do that?
>> >
>> > Can you declare the restricted objects as "internal"?
>> >
>> > Cheers,
>> > Korbinian
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>> > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>> > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>> >
>> _______________________________________________
>> Users mailing list
>> Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>
>>
>>
>>
>> --
>> nomadlife.org <http://nomadlife.org>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.ironpython.com
>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>
>>
>
>
> --
> http://www.ironpythoninaction.com/
> http://www.voidspace.org.uk/
> http://www.trypython.org/
> http://www.ironpython.info/
> http://www.resolverhacks.net/
> http://www.theotherdelia.co.uk/
>
>
--
nomadlife.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20080630/ded69e67/attachment.html>
More information about the Ironpython-users
mailing list