Pavel Šavara wrote:
Hi all on the list,
I found one answer on your group already.
http://lists.ironpython.com/pipermail/users-ironpython.com/2008-March/006721.html
Unfortunately it seems to me that for silverlight there is no
AppDomain.CreateDomain()
So I'm looking for another solution.
1) I could try to ban all scripts containing "import". Could I somehow
extend parser or should I search the script upfront ?
Is there some parser event which I could subscribe ?
2) Is there any hook in the engine which I can use to ban calling
access points ? Type resolver for example ?
A solution based on banning import statements at the parser / ast level
will fail - because there are always other techniques to access the same
functionality.
With Silverlight you can use the Platform Adaptation Layer to control
imports though. The DLR hosting specs has some details on this
(Silverlight uses the PAL so that imports are resolved by searching
inside the xap file - a modified PAL could ban imports altogether).
Michael
To paint whole picture for you I will give you more about use-case.
I would like to create Racetrack in silverlight
http://en.wikipedia.org/wiki/Racetrack_(game)
But instead of playing by players I would like to let programmers to
drive cars with scripts. When I will store scripts on server
repository we could have contest. The problem is that programmers will
tend to cheat as much as possible.
Thanks for advices
Pavel
On Sun, Aug 3, 2008 at 7:27 AM, Seshadri Pillailokam Vijayaraghavan
<[EMAIL PROTECTED]> wrote:
[Including the de facto Hosting API mailing list - IronPython Discussions]
Hi All,
Is what Pavel is asking possible? Can DLR hosts selectively ban imports?
Thanks
Sesh
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 02, 2008 6:24 PM
To: Seshadri Pillailokam Vijayaraghavan
Subject: (DLR Hosting and related stuff...) : Security of DLR host
Importance: High
Hi,
I would like to run untrusted scripts inside of DLR (for example js in
Silverlight). How to restrict access of the scripts ? How do I ban imports
e.g. System.Windows.Application ? I already know how to construct ScriptScope
and run js inside (from C# code). Learned from your articles. ;-)
Thanks Pavel
_______________________________________________
Users mailing list
[email protected]
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
--
http://www.ironpythoninaction.com/
http://www.voidspace.org.uk/
http://www.trypython.org/
http://www.ironpython.info/
http://www.theotherdelia.co.uk/
http://www.resolverhacks.net/
_______________________________________________
Users mailing list
[email protected]
http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
