[IronPython] restrict scripting access

Dody Gunawinata empirebuilder at gmail.com
Mon Jun 30 05:33:28 PDT 2008


That you can filter our from the python source code or replace such call
with exception ("bzz, can't load AddReference") - Yeah, it's a pretty nasty
workaround, but it works.

Dody G.

On Mon, Jun 30, 2008 at 3:26 PM, Michael Foord <fuzzyman at voidspace.org.uk>
wrote:

> Dody Gunawinata wrote:
>
>> In the IronPython hosting API, unless you specifically load the assembly,
>> it will not be accessible through the script. So right now restricting
>> access means configuring the assemblies you want to expose to the script.
>>
>>
> But what is to stop the user code doing:
>
> import clr
> clr.AddReference('SomeAssembly')
>
> Loading the ScriptRuntime into an AppDomain and restricting the privileges
> on that is one way - but I don't think that IronPython will work at all
> unless the AppDomain has pretty much full trust.
>
> Michael Foord
>
>  On Mon, Jun 30, 2008 at 3:09 PM, Ben Hall <ben2004uk at googlemail.com<mailto:
>> ben2004uk at googlemail.com>> wrote:
>>
>>    I thought this last night, it would be really useful if we could
>>    'sandbox' the IP engine and limit it's access to certain areas of the
>>    framework.
>>
>>
>>
>>    On Mon, Jun 30, 2008 at 12:57 PM, Rainer Worbis
>>    <r.worbis at cubido.at <mailto:r.worbis at cubido.at>> wrote:
>>    > No - for example i would like to prevent that the user loads
>>    assemblies and does own data access via System.Data.SqlClient.
>>    > Or uses specific parts of the applications. (which should be
>>    visible to other scripts). So access control per script would be
>>    optimal.
>>    >
>>    > Rainer
>>    >
>>    > -----Ursprüngliche Nachricht-----
>>    > Von: users-bounces at lists.ironpython.com
>>    <mailto:users-bounces at lists.ironpython.com>
>>    [mailto:users-bounces at lists.ironpython.com
>>    <mailto:users-bounces at lists.ironpython.com>] Im Auftrag von
>>    Korbinian Abenthum
>>    > Gesendet: Montag, 30. Juni 2008 13:47
>>    > An: Discussion of IronPython
>>    > Betreff: Re: [IronPython] restrict scripting access
>>    >
>>    > Rainer Worbis wrote:
>>    >> is there a way to restrict access to objects or namespaces
>>    >> within a script? We use IronPython for providing scripting
>>    >> functionality within our .NET Application but would like to
>>    >> restrict access to certain functions. Has anybody information
>>    >> or a sample how to do that?
>>    >
>>    > Can you declare the restricted objects as "internal"?
>>    >
>>    > Cheers,
>>    >  Korbinian
>>    > _______________________________________________
>>    > Users mailing list
>>    > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>>    > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>    > _______________________________________________
>>    > Users mailing list
>>    > Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>>    > http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>    >
>>    _______________________________________________
>>    Users mailing list
>>    Users at lists.ironpython.com <mailto:Users at lists.ironpython.com>
>>    http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>
>>
>>
>>
>> --
>> nomadlife.org <http://nomadlife.org>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.ironpython.com
>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>>
>>
>
>
> --
> http://www.ironpythoninaction.com/
> http://www.voidspace.org.uk/
> http://www.trypython.org/
> http://www.ironpython.info/
> http://www.resolverhacks.net/
> http://www.theotherdelia.co.uk/
>
>


-- 
nomadlife.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ironpython.com/pipermail/users-ironpython.com/attachments/20080630/ded69e67/attachment.htm>


More information about the Users mailing list