[Ironruby-core] Create pseudo sandbox for hosted IronRuby script
pascal.normandin at convergentware.com
Mon Feb 8 09:25:15 EST 2010
Here is what I've done to achieve this but I'd really like to know if this
is the right method. It gets really confusing when it comes to TrustLevel
and assembly permissions.
>From my basic tests I was unable to access any resources from the computer
not even the file system.
protected static ScriptRuntime CreateIronRubyRuntime(bool
// Setup the ruby engine in a Sandbox
var rubySetup = Ruby.CreateRubySetup();
rubySetup.Options["InterpretedMode"] = true;
var runtimeSetup = new ScriptRuntimeSetup();
runtimeSetup.DebugMode = false;
// Create AppDomain Info
AppDomainSetup info = new AppDomainSetup();
info.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
info.ApplicationName = "IRPlugin";
// Set permissions
PermissionSet ps1 = new PermissionSet(PermissionState.None);
SecurityPermissionFlag flag =
SecurityPermissionFlag.SkipVerification | SecurityPermissionFlag.Execution |
// Create the AppDomain
AppDomain newDomain =
AppDomain.CreateDomain("IRPluginDomain", null, info, ps1);
runtime = ScriptRuntime.CreateRemote(newDomain,
runtime = Ruby.CreateRuntime(runtimeSetup);
From: ironruby-core-bounces at rubyforge.org
[mailto:ironruby-core-bounces at rubyforge.org] On Behalf Of Thibaut Barrère
Sent: February-08-10 3:46 AM
To: ironruby-core at rubyforge.org
Subject: Re: [Ironruby-core] Create pseudo sandbox for hosted IronRuby
> I have an multi-user VoIP application that allows users to execute
> IronRuby scripts for their call dial plans. I'm looking to restrict what
> the IronRuby scripts are allowed to do to protect the server in case a
> nasty user should decide to try and cause some damage.
This kind of "blank-slate" approach would be useful to me too.
Is that something that can be achieved using isolated scopes ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ironruby-core