.NET Scripting with CAS Permissions
From: Michael Billard (billardm_at_p-com.com)
Date: 09/26/03
- Next message: Marcia Vasquez: "Look at this internet patch from Microsoft Corporation"
- Previous message: Anthony van Orizande: "Re: See the update"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Sep 2003 16:21:27 -0700
Hi all:
I'm learning more about .NET Framework's built-in
scripting abilities as well as the Framework's security
capabilities. But there is something I'm not clear on and
need some clarification.
Assume I have an application with a function called
SaveOrder, and it uses ADO.NET to connect to SQL Server
and saves a sales order into the database. Also, I am
using Microsoft.Vsa.VisualBasic (the VB.NET scripting
engine) in the same program, and write a VB.NET script
that calls the application's SaveOrder function.
I want to prevent the scripting engine's scripts from
accessing the file system, opening network connections,
creating database connections, and other potentially
dangerous things. I know some of these functions may be
excluded from the scripting engine, but potentially,
others cannot.
Is it possible to "sandbox" the scripts to prevent access
to protected resources while still allowing them to call
SaveOrder and successfully saving information to the
database? Essentially, I want some access to protected
resources from scripts, but in a very carefully controlled
way.
Thanks for your help.
- Next message: Marcia Vasquez: "Look at this internet patch from Microsoft Corporation"
- Previous message: Anthony van Orizande: "Re: See the update"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
