[IronPython] DLR Hosting Question

Michael Cummings cummings.michael at gmail.com
Fri Mar 28 17:46:13 CET 2008 

I was afraid of that. So, if I am reading your response correctly...

I can from my Apps AppDomain ( Primary ) create a second AppDomain (
Secondary ) which has limited permissions, specifically for me loading
assemblies. I can then use the DLR in the Secondary AppDomain and use the
DLR API to load the Assemblies I want.

That about sum it up. I know that there may be ways around it, I'm just
trying to be secure enough at this point.

Thanks,

Michael

On Thu, Mar 27, 2008 at 8:50 PM, Dino Viehland <dinov at exchange.microsoft.com>
wrote:

>  There's no way to currently do this from the DLR and I suspect it's
> beyond the scope of both the DLR and IronPython.  What you might be able to
> do is create an AppDomain with limited permissions and therefore prevent the
> loading of assemblies at the lower level.  Once you've done that the DLR
> hosting APIs have support for loading them in a remote app domain.
>
>
>
> The reason why we wouldn't do this directly is it's very hard to prevent
> access.  Once you can do import clr you can do:
>
>
>
> clr.GetClrType(str).Assembly.System.Reflection.Assembly.Load(…)
>
>
>
> and there's likely other ways to get around any walls we could put up (e.g.
> 'abc'.GetType().Assembly…  not to mention any othe APIs that could return
> types).
>
>
>
>
>
> *From:* users-bounces at lists.ironpython.com [mailto:
> users-bounces at lists.ironpython.com] *On Behalf Of *Michael Cummings
> *Sent:* Thursday, March 27, 2008 12:01 PM
> *To:* Discussion of IronPython
> *Subject:* [IronPython] DLR Hosting Question
>
>
>
> Hi all,
>   I'm putting together a seminar at our local Code Camp for hosting the
> DLR and integration with applications. The hosting spec pdf is great however
> I do have (at least) one question that isn't explained very well in the doc.
> How can I restrict what assemblies can be loaded by a ScriptScope? To
> explain further: If I use the following code to load a py script file
>
>             ScriptRuntime env = ScriptRuntime.Create();
>             ScriptEngine eng = env.GetEngineByFileExtension( "py" );
>
>             ScriptSource source = eng.CreateScriptSourceFromString(
> form.Source, SourceCodeKind.File );
>
>             source.Execute();
>
> Where form.Source is a string containing this :
>
> import sys
>
> import clr
> clr.AddReference("System.Windows.Forms")
> clr.AddReference("System")
> clr.AddReference("Microsoft.Xna.Framework")
> clr.AddReference("Microsoft.Xna.Framework.Graphics")
> clr.AddReference("Microsoft.Xna.Framework.Input")
> clr.AddReference("Bnoerj.AI.Steering.Demo.Plugins.Ctf")
>
> from Bnoerj.AI.Steering.Demo.Plugins.Ctf import CtfBase, Globals
>
> class CtfPythonSeeker(CtfBase):
>
>     def __init__(self):
>         Reset()
>
>     def Reset(self):
>         Globals.Instance.Seeker = self
>
> How can I prevent some references from being referenced, like "
> Microsoft.Xna.Framework" but allow "Bnoerj.AI.Steering.Demo.Plugins.Ctf"?
>
> Thanks in advance
>
> Michael
>
> _______________________________________________
> Users mailing list
> Users at lists.ironpython.com
> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20080328/8e487b9b/attachment.html>

More information about the Ironpython-users mailing list