[IronPython] DLR Hosting Question
dinov at exchange.microsoft.com
Fri Mar 28 01:50:45 CET 2008
There's no way to currently do this from the DLR and I suspect it's beyond the scope of both the DLR and IronPython. What you might be able to do is create an AppDomain with limited permissions and therefore prevent the loading of assemblies at the lower level. Once you've done that the DLR hosting APIs have support for loading them in a remote app domain.
The reason why we wouldn't do this directly is it's very hard to prevent access. Once you can do import clr you can do:
and there's likely other ways to get around any walls we could put up (e.g. 'abc'.GetType().Assembly... not to mention any othe APIs that could return types).
From: users-bounces at lists.ironpython.com [mailto:users-bounces at lists.ironpython.com] On Behalf Of Michael Cummings
Sent: Thursday, March 27, 2008 12:01 PM
To: Discussion of IronPython
Subject: [IronPython] DLR Hosting Question
I'm putting together a seminar at our local Code Camp for hosting the DLR and integration with applications. The hosting spec pdf is great however I do have (at least) one question that isn't explained very well in the doc. How can I restrict what assemblies can be loaded by a ScriptScope? To explain further: If I use the following code to load a py script file
ScriptRuntime env = ScriptRuntime.Create();
ScriptEngine eng = env.GetEngineByFileExtension( "py" );
ScriptSource source = eng.CreateScriptSourceFromString( form.Source, SourceCodeKind.File );
Where form.Source is a string containing this :
from Bnoerj.AI.Steering.Demo.Plugins.Ctf import CtfBase, Globals
Globals.Instance.Seeker = self
How can I prevent some references from being referenced, like "Microsoft.Xna.Framework" but allow "Bnoerj.AI.Steering.Demo.Plugins.Ctf"?
Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ironpython-users