[IronPython] restrict scripting access

Michael Foord fuzzyman at voidspace.org.uk
Mon Jun 30 05:26:35 PDT 2008


Dody Gunawinata wrote:
> In the IronPython hosting API, unless you specifically load the 
> assembly, it will not be accessible through the script. So right now 
> restricting access means configuring the assemblies you want to expose 
> to the script.
>

But what is to stop the user code doing:

import clr
clr.AddReference('SomeAssembly')

Loading the ScriptRuntime into an AppDomain and restricting the 
privileges on that is one way - but I don't think that IronPython will 
work at all unless the AppDomain has pretty much full trust.

Michael Foord

> On Mon, Jun 30, 2008 at 3:09 PM, Ben Hall <ben2004uk at googlemail.com> wrote:
>
>     I thought this last night, it would be really useful if we could
>     'sandbox' the IP engine and limit its access to certain areas of the
>     framework.
>
>
>
>     On Mon, Jun 30, 2008 at 12:57 PM, Rainer Worbis
>     <r.worbis at cubido.at> wrote:
>     > No - for example I would like to prevent that the user loads
>     > assemblies and does own data access via System.Data.SqlClient.
>     > Or uses specific parts of the applications. (which should be
>     > visible to other scripts). So access control per script would be
>     > optimal.
>     >
>     > Rainer
>     >
>     > -----Original Message-----
>     > From: users-bounces at lists.ironpython.com
>     > [mailto:users-bounces at lists.ironpython.com] On Behalf Of
>     > Korbinian Abenthum
>     > Sent: Monday, 30 June 2008 13:47
>     > To: Discussion of IronPython
>     > Subject: Re: [IronPython] restrict scripting access
>     >
>     > Rainer Worbis wrote:
>     >> is there a way to restrict access to objects or namespaces
>     >> within a script? We use IronPython for providing scripting
>     >> functionality within our .NET Application but would like to
>     >> restrict access to certain functions. Has anybody information
>     >> or a sample how to do that?
>     >
>     > Can you declare the restricted objects as "internal"?
>     >
>     > Cheers,
>     >  Korbinian
>     > _______________________________________________
>     > Users mailing list
>     > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>     > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>     >
>
>
>
>
> -- 
> nomadlife.org <http://nomadlife.org>
> ------------------------------------------------------------------------
>
>   


-- 
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/
http://www.trypython.org/
http://www.ironpython.info/
http://www.resolverhacks.net/
http://www.theotherdelia.co.uk/


