robiwan wrote: > We're planning on using mono embedded in our application, however, since > arbitrary users might write code for it we'd need to limit access to certain > things, like FS IO, memory allocation and perhaps even network IO. > > Does mono have provision for limiting such stuff? Is it simply a matter of > limiting which class libraries are available for the mono run-time?
You're looking for CAS, but this is unfortunately neither fully implemented nor tested. It's a really great area for contributions :) Mono projects that need this kind of protection are usually verifying and parsing the assembly upon invocation. The parsing can be performed with a library like Mono.Cecil: You could define a whitelist of allowed types and reject the assembly if unsuitable. For more security, you may want to disable some features (p/invoke, Reflection/Reflection.Emit) in mono itself. See the "--enable-minimal=LIST" option of the configure script. This is only feasible if the host doesn't need this features itself. > Also, is there a way in mono to load an assembly (for execution) from memory > (f.i. have the assembly stored in a database) ? Yes. See the (MSDN) docs of the Assembly class. Robert _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
