[IronPython] Security of DLR host

Pavel Šavara pavel.savara at gmail.com
Sun Aug 3 10:03:24 CEST 2008


Hi all on the list,

I found one answer on your group already.
http://lists.ironpython.com/pipermail/users-ironpython.com/2008-March/006721.html

Unfortunately it seems to me that for Silverlight there is no
AppDomain.CreateDomain().

So I'm looking for another solution.

1) I could try to ban all scripts containing "import". Could I somehow
extend the parser, or should I search the script upfront?
Is there some parser event which I could subscribe to?

2) Is there any hook in the engine which I can use to ban calling
access points? A type resolver, for example?

To paint the whole picture for you, I will tell you more about the use case.

I would like to create Racetrack in Silverlight
http://en.wikipedia.org/wiki/Racetrack_(game)
But instead of it being played by players, I would like to let programmers
drive the cars with scripts. When I store the scripts in a server
repository, we could have a contest. The problem is that programmers will
tend to cheat as much as possible.

Thanks for any advice
Pavel

On Sun, Aug 3, 2008 at 7:27 AM, Seshadri Pillailokam Vijayaraghavan
<seshapv at microsoft.com> wrote:
> [Including the de facto Hosting API mailing list - IronPython Discussions]
>
> Hi All,
>
> Is what Pavel is asking possible? Can DLR hosts selectively ban imports?
>
> Thanks
> Sesh
>
> -----Original Message-----
> From: pavel.savara at gmail.com [mailto:pavel.savara at gmail.com]
> Sent: Saturday, August 02, 2008 6:24 PM
> To: Seshadri Pillailokam Vijayaraghavan
> Subject: (DLR Hosting and related stuff...) : Security of DLR host
> Importance: High
>
>
> Hi,
>
> I would like to run untrusted scripts inside the DLR (for example js in Silverlight). How can I restrict the access of the scripts? How do I ban imports, e.g. System.Windows.Application? I already know how to construct a ScriptScope and run js inside it (from C# code). Learned from your articles. ;-)
>
> Thanks Pavel
>
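
Option 1 in the message above (checking a script for imports before it runs), as an added example that is not part of the original message and is not IronPython or DLR code. It assumes CPython's `ast` module as a stand-in for the host's parser; the banned-name policy and both sample scripts are constructed for illustration. It contrasts a plain text search for "import" with a check on the parsed syntax tree.

```python
import ast

# Assumption: a conservative deny-list chosen for this example,
# not a policy defined by IronPython or the DLR.
BANNED_NAMES = {"__import__", "eval", "exec", "compile", "open",
                "globals", "locals", "vars", "getattr", "setattr"}

def naive_scan(source):
    """Option 1 taken literally: accept only if 'import' never appears."""
    return "import" not in source

def ast_scan(source):
    """Return sorted (line, reason) findings; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Unparseable submissions are rejected rather than guessed at.
        return [(exc.lineno or 0, "syntax error")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.append((node.lineno, "import statement"))
        elif isinstance(node, ast.Name) and node.id in BANNED_NAMES:
            findings.append((node.lineno, "banned name " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            findings.append((node.lineno, "dunder attribute " + node.attr))
    return sorted(findings)

# Constructed sample: an honest driver script that a text search rejects
# because of a comment and a variable name.
HONEST_SCRIPT = '''\
# most important rule: brake before the corner
def drive(car):
    important = car.speed > 3
    return (-1, 0) if important else (1, 0)
'''

# Constructed sample: a script that pulls in a host namespace.
CHEATING_SCRIPT = '''\
import System
def drive(car):
    return (1, 0)
'''

if __name__ == "__main__":
    print("text search accepts honest script:", naive_scan(HONEST_SCRIPT))
    print("AST findings, honest script:", ast_scan(HONEST_SCRIPT))
    print("AST findings, cheating script:", ast_scan(CHEATING_SCRIPT))
```

A pre-scan like this only filters submissions before they reach the engine; it is not an isolation boundary by itself.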


