The Code Access Security model of the .NET Framework allows you to do
this pretty easily. You will want to create a separate AppDomain to
load your plugin assemblies. You can specify limited permissions for
all code executing in the AppDomain. You then communicate with your
plugin code using .NET Remoting.
See the documentation for AppDomain.SetAppDomainPolicy for a hint on how
to get started:
http://msdn.microsoft.com/library/de...olicytopic.asp
Joshua Flanagan
http://flimflan.com/blog
Jesper wrote:
> Im creating a host application (a game) which allows for users to supply a
> custom computer AI. This will be in the form of a plugin assembly which
> supports a specified interface. So the host will call interface functions in
> the plugins like PerformMove(GameState gs). The host application is a
> trusted application that runs on a server, and users upload plugins to this
> server, but I can't trust the plugins.
>
> PlugIn:
> - Must adhere to a specific public interface.
> - Is allowed to create and maintain private state information, to be used
> between calls.
> - Is not allowed access to I/O, Networks, Other processes, etc.
> - Will recieve some objects by reference form the host, but has only read
> capabilities on these objects. If this is not possible, it will recieve
> objects by value only.
>
> Host:
> - Can kill any plugin process/thread that takes too long time.
> - Can kill any plugin process/thread that takes too much memory (or maybe
> limit the allowed memory size at creation of the plugin process?)
> - In order to allow the host enough control over the plugin to be able to
> kill it, I expect to have to run the plugin functions in a different thread
> or process.
>
> I'm pretty new to security, so how would you set up these plugins,
> securitywise?
>
>
Similar Threads
