[IronPython] IronPython Security Model

Dino Viehland dinov at microsoft.com
Wed Aug 25 09:28:58 PDT 2010


You'll need to use the CLR security model - IronPython its self doesn't have a security model and we rely upon the CLR team to make sure they get their security model right.

The easiest thing to do is to create a sandboxed app domain (http://msdn.microsoft.com/en-us/library/bb763046.aspx) and then call Python.CreateEngine(appDomain) to create the ScriptEngine in the remote domain.  Note you shouldn't have IronPython or the DLR assemblies in the full trust list.  From there you can give the remote domain a MarshalByRefObject which it can use to call back into your object model or enable things which you want to filter.  You can also put your own assemblies in the full trust list and make sure you do the appropriate validation for any calls.

From: users-bounces at lists.ironpython.com [mailto:users-bounces at lists.ironpython.com] On Behalf Of Brad Heller
Sent: Wednesday, August 25, 2010 9:20 AM
To: users at lists.ironpython.com
Subject: [IronPython] IronPython Security Model

I'd like to embed IronPython in my application, however I'd like to be able to prevent the user from doing certain things. For instance, I'd like to make sure they can't open a socket, or access the file system or network resources. Is this currently possible?

I haven't been able to find any information on the IronPython security model besides some post somewhere saying "you have complete control over the IronPython security model!" Anyone have any ideas?
Thanks,
Brad Heller
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ironpython.com/pipermail/users-ironpython.com/attachments/20100825/7da4cc4b/attachment.htm>


More information about the Users mailing list