[IronPython] Safe execution of python scripts on my .net application

Nicolás Buttarelli nbuttarelli at gmail.com
Mon Nov 2 22:19:38 CET 2009 

Thanks for your response.

But what happens with the python code? Does not exist a way to write some
scripts that can do some damage to my app, the server, the database, etc?

Thanks again,
Nicolas

On Mon, Nov 2, 2009 at 9:41 PM, Dino Viehland <dinov at microsoft.com> wrote:

>  After creating your app domain you can do:
>
>
>
> ScriptEngine engine = Python.CreateEngine(someAppDomain);
>
>
>
> And then the rest of your code should work as it’s written.
>
>
>
>
>
> *From:* users-bounces at lists.ironpython.com [mailto:
> users-bounces at lists.ironpython.com] *On Behalf Of *Nicolás Buttarelli
> *Sent:* Monday, November 02, 2009 12:39 PM
> *To:* users at lists.ironpython.com
> *Subject:* [IronPython] Safe execution of python scripts on my .net
> application
>
>
>
> Sorry, I don't know if my previous message have arrived. So, here it is:
>
>
>
>
>
> Hello all,
>
>
>
> I am starting with python and I would like to add to my web application
> some web services. This services will allow the different clients of my
> application to execute some python scripts.
>
>
>
> I would like to know if someone did this before and how can I do this in a
> secure way. I mean, how can I do to restrict the environment where the
> scripts will be executed.
>
>
>
> In .net I can do this using the AppDoman and setting the permission set.
>
>
>
> AppDomain.CreateDomain( string friendlyName,
>                         Evidence securityInfo,
>                         AppDomainSetup info,
>                         PermissionSet grantSet,
>                         params StrongName[] fullTrustAssemblies);
>
>
>
>
>
> Is there a way to do the same with my python scripts?
>
>
>
> I am running them using this:
>
>
>
> ScriptEngine engine = Python.CreateEngine();
>
> ScriptSource source = engine.CreateScriptSourceFromString(scriptAsString);
>
> ScriptScope scope = engine.CreateScope();
>
> source.Execute(scope);
>
>
>
> Thanks in advance.
>
> Nicolas
>
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20091102/6bfcc394/attachment.html>

More information about the Ironpython-users mailing list