Assembly.CreateInstance 和安全性 [英] Assembly.CreateInstance and security
问题描述
我正在考虑使用 C# 按需编译代码的能力作为脚本语言的基础.我想知道,如何对正在执行的脚本进行沙箱处理,使它们无法访问文件系统、网络等.基本上,我希望对正在运行的脚本进行限制权限.
I'm toying around with the idea of using C#'s ability to compile code on-demand as the basis of a scripting language. I was wondering, how can I sandbox the scripts that I am executing so that they cannot access the file system, network, etc. Basically, I want restricted permissions on the script being run.
我采取的步骤:
CompilerResults r = CSharpCodeProvider.CompileAssemblyFromSource(source);
Assembly a = r.CompiledAssembly;
IScript s = a.CreateInstance(...);
s.EntryPoint(...);
推荐答案
推荐的方法是执行 沙盒应用域.http://blogs.msdn 给出了几个原因.com/b/shawnfa/archive/2006/04/19/579066.aspx,更重要的是,大多数其他潜在方法从 .NET 4.0 开始已弃用.
The recommended approach for this is to execute the suspect code in a sandboxed appdomain. Several reasons are given at http://blogs.msdn.com/b/shawnfa/archive/2006/04/19/579066.aspx, and an even more important one is that most of the other potential approaches are deprecated as of .NET 4.0.
这篇关于Assembly.CreateInstance 和安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!