You'll need to use the CLR security model - IronPython itself doesn't have a 
security model and we rely upon the CLR team to make sure they get their 
security model right.

The easiest thing to do is to create a sandboxed app domain 
(http://msdn.microsoft.com/en-us/library/bb763046.aspx) and then call 
Python.CreateEngine(appDomain) to create the ScriptEngine in the remote domain. 
Note you shouldn't have IronPython or the DLR assemblies in the full trust 
list. From there you can give the remote domain a MarshalByRefObject which it 
can use to call back into your object model or enable things which you want to 
filter.  You can also put your own assemblies in the full trust list and make 
sure you do the appropriate validation for any calls.

From: users-boun...@lists.ironpython.com 
[mailto:users-boun...@lists.ironpython.com] On Behalf Of Brad Heller
Sent: Wednesday, August 25, 2010 9:20 AM
To: users@lists.ironpython.com
Subject: [IronPython] IronPython Security Model

I'd like to embed IronPython in my application, however I'd like to be able to 
prevent the user from doing certain things. For instance, I'd like to make sure 
they can't open a socket, or access the file system or network resources. Is 
this currently possible?

I haven't been able to find any information on the IronPython security model 
besides some post somewhere saying "you have complete control over the 
IronPython security model!" Anyone have any ideas?
Thanks,
Brad Heller
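
The setup the reply describes (a sandboxed app domain, `Python.CreateEngine(appDomain)`, and a `MarshalByRefObject` for callbacks), as an added C# example that is not part of the original thread. `HostApi`, `GetGreeting`, the domain name and the file path are hypothetical; it assumes the .NET Framework with the IronPython and DLR assemblies in the application base directory.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using IronPython.Hosting;
using Microsoft.Scripting.Hosting;

// Hypothetical host object handed to the sandbox. It lives in the host
// domain, so every public method is reachable by untrusted script:
// validate arguments and expose only what scripts are meant to use.
public class HostApi : MarshalByRefObject
{
    public string GetGreeting(string name)
    {
        if (name == null || name.Length > 64)
            throw new ArgumentException("name rejected");
        return "hello, " + name;
    }
}

public static class SandboxDemo
{
    public static void Main()
    {
        // Grant set: permission to run code and nothing else
        // (no FileIOPermission, SocketPermission, WebPermission, ...).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // No StrongName[] full-trust list is passed, so the IronPython and
        // DLR assemblies run with the restricted grant set too.
        AppDomain sandbox = AppDomain.CreateDomain("ScriptSandbox", null, setup, grant);
        try
        {
            ScriptEngine engine = Python.CreateEngine(sandbox);
            ScriptScope scope = engine.CreateScope();
            scope.SetVariable("host", new HostApi());   // passed by reference (proxy)

            Console.WriteLine(engine.Execute<string>("host.GetGreeting('script')", scope));
            // File access needs FileIOPermission, which the grant set lacks.
            try { engine.Execute("open(r'C:\\Windows\\win.ini').read()", scope); }
            catch (Exception ex) { Console.WriteLine("blocked: " + ex.GetType().Name); }
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```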