[IronPython] restrict scripting access

Dino Viehland dinov at exchange.microsoft.com
Mon Jun 30 17:25:42 CEST 2008

Yep, it sure is - that's the reason why we leave this work to the .NET framework and avoid taking the burden upon ourselves :).

There's nothing, other than bugs, in IronPython that prevents it from running in partial trust - look at Silverlight where IronPython runs with no permissions.  There have been a few bugs which have prevented us from running on the desktop CLR in partial trust - generally once we find them they're easy to fix.  Tomas fixed some of those when looking at getting IronRuby running in partial trust and we'll take at look at the issues that block IronPython as well when we start pushing on this.

Once the bugs are gone hosts can either create a partial trust app domain or simply Deny or PermitOnly permissions before calling into IronPython.  The user code would then only have access to the .NET functionality that your security policy outlines.  If you so wanted your own object model could be fully trusted for when the user calls back into you.  What enables this is that IronPython its self runs 100% w/o any trust - it's marked SecurityTransparent.  So any actions that IronPython attempts to perform require full demands upon the code calling into IronPython.  You might need to implement your own fully trusted host which handles access to the file system but that should be trivial to do.

This offers 100% security which is a nice guarantee to have.  But many apps might just need a "3 foot high wall" which their users are unlikely to jump over and for those maybe getting rid of import clr and any available DLLs will be sufficient.  I'm not sure where we're currently prioritizing these bugs so any feedback on how interesting these scenarios are would be helpful :).

-----Original Message-----
From: users-bounces at lists.ironpython.com [mailto:users-bounces at lists.ironpython.com] On Behalf Of Sanghyeon Seo
Sent: Monday, June 30, 2008 7:04 AM
To: Discussion of IronPython
Subject: Re: [IronPython] restrict scripting access

2008/6/30 Rainer Worbis <r.worbis at cubido.at>:
> is there a way to restrict access to objects or namespaces within a script?
> We use IronPython for providing scripting functionality within our .NET
> Application but would like to restrict access to certain functions. Has
> anybody information or a sample how to do that?

Proper sandboxing is a difficult problem. Take a look at the following
post for a good overview.


Seo Sanghyeon
Users mailing list
Users at lists.ironpython.com

More information about the Ironpython-users mailing list