[Ironpython-users] Restrict referencing of assemblies in hosted environment

[Jeff Hardy]

On Wed, Oct 17, 2012 at 3:08 AM, Markus Schaber
<m.schaber at 3s-software.com> wrote:
> Hello,
> We’re using IronPython as a hosted script engine in our application.

> Now, we want to restrict the assemblies a user can reference from its python
> script,
>
> Currently, we just forbid “import clr”, by wrapping the import() method, but
> this is a bit harsh, and the side-effects are a little bit to strong (e. G.
> it causes “import minidom.py” to fail…)
>

I'm pretty sure that importing of CLR classes also goes through
__import__(). So you should be able to blacklist/whitelist whatever
classes you want that way. This doesn't prevent loading the
assemblies, but it does make the classes more difficult to access.

If whatever hook you're using to block `import clr` doesn't fire for
`import System` as well, file an issue. And patch, preferably :).

- Jeff