How to deny reflection using ReflectionPermission

Question

I am trying to add addons to my application, but I don't want the addon to use reflection at all; the addon code can be sandboxed using an Application Domain.

I have found an AppDomain example at MSDN, but it does not have any references to ReflectionPermission, and the Deny security attribute is also deprecated. Lots of attributes are deprecated, so how do I stop reflection then?

Recommended answer

To use AppDomain.CreateDomain to create a sandboxed appdomain, you should pass in a PermissionSet that contains only the permissions you want to grant to the sandboxed assemblies. If you don't want to grant ReflectionPermission, you simply shouldn't add it to the permission set.

That said, ReflectionPermission is far from the only "dangerous" permission that should usually be denied to general-source add-ins. If you want to be very strict, you may want to consider granting only SecurityPermission\Execution. e.g.:

PermissionSet permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

If you want to include additional "safe" permissions, you can simply add them to the permission set using additional AddPermission calls. If you want to include all the permissions that were considered safe enough to be granted to internet-sourced code under the deprecated CAS policy system, you can extract these by passing internet-zone evidence to the SecurityManager.GetStandardSandbox static method. e.g.:

Evidence evidence = new Evidence();
evidence.AddHostEvidence(new Zone(SecurityZone.Internet));

PermissionSet permissionSet = SecurityManager.GetStandardSandbox(evidence);

N.B.: Both of these approaches are described in the MSDN article to which you referred in your question.
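
The answer's execution-only grant set, wired into AppDomain.CreateDomain and checked from both sides, as an added example that is not part of the original answer or the MSDN article. It assumes a .NET Framework 4.x console project; the names AddInProbe and AddInSandbox are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for add-in code. MarshalByRefObject lets the host
// call it through a proxy while it executes inside the sandboxed domain.
public class AddInProbe : MarshalByRefObject
{
    public string CheckReflection()
    {
        try
        {
            // Demand walks the call stack and throws SecurityException if a
            // caller on it has not been granted the permission.
            new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Demand();
            return "ReflectionPermission(MemberAccess) granted";
        }
        catch (SecurityException)
        {
            return "ReflectionPermission(MemberAccess) denied";
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Grant set from the answer: execution only, nothing else.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomainSetup setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // No full-trust list is passed, so this assembly, like any non-GAC
        // assembly loaded into the sandbox, gets only the grant set above.
        AppDomain sandbox = AppDomain.CreateDomain("AddInSandbox", null, setup, grant);
        try
        {
            AddInProbe probe = (AddInProbe)sandbox.CreateInstanceAndUnwrap(
                typeof(AddInProbe).Assembly.FullName, typeof(AddInProbe).FullName);
            Console.WriteLine("sandbox: " + probe.CheckReflection());
            Console.WriteLine("host:    " + new AddInProbe().CheckReflection());
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```

Running the same probe in the host domain and in the sandbox lets you confirm that the restriction comes from the grant set passed to CreateDomain rather than from the add-in code itself.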
