为 C# 评估器提供沙盒应用程序域的最佳证据 [英] Best evidence to offer a sandboxed appdomain for a C# evaluator

问题描述

我有一个 c# 评估器，它使用(我认为).Net 4 新的简化沙盒应用程序域模型来托管 c# 程序集，其余部分由远程处理完成.创建应用程序域的调用是

I have a c# evaluator which uses the (I think) the .Net 4 new simplified sandboxed appdomain model to host the c# assembly, with remoting doing the rest. The call to create the appdomain is

        Evidence ev = new Evidence();
        ev.AddHostEvidence(new Zone(SecurityZone.Trusted));
        PermissionSet pset = SecurityManager.GetStandardSandbox(ev);

        AppDomainSetup ads = new AppDomainSetup();
        ads.ApplicationBase = "C:\\Sandbox";

        // Create the sandboxed domain.
        AppDomain sandbox = AppDomain.CreateDomain(
           "Sandboxed Domain",
           ev,
           ads,
           pset,
           null);

c# eval 嵌入在服务器应用程序中，但我不想让沙箱有太多控制权，除非 bo bo 是调用者.我正在寻找的是关于提供什么作为来自呼叫者的证据的一些澄清.我正在寻求建议和指导.

The c# eval is embedded in a server app, but I don't want give the sandbox to much control unless it bo bo's the caller. What i'm looking for is regarding some clarification as to what to provide as Evidence from the caller. I'm looking for advice and guidance.

任何帮助将不胜感激.

推荐答案

您可以使用Internet"权限集或执行"权限集，两者都具有有限的权限，因为它们被认为是不安全的.

You can either use the 'Internet' permission set or the 'Execution' permission set, both have limited permissions as they are deemed unsafe.

这篇关于为 C# 评估器提供沙盒应用程序域的最佳证据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！