Re: Restrict access to application from "outside"
- From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
- Date: Mon, 10 Jul 2006 09:45:22 -0400
"cody" <deutronium@xxxxxx> wrote in message
news:%23Z4oH1SoGHA.780@xxxxxxxxxxxxxxxxxxxxxxx
I have an application consisting of one exe file and 20+ DLL's.
Now I want to dynamically load plugins in my application. But the plugins
must not be able to access my code except through some special interface I
provide it.
Is it possible to user code access security for this purpose? I do not
understand the principles of it and do not know where to start from.
It's possible to use CAS to restrict the permissions of plug-ins. One would
generally use a sandboxing approach as described at
http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx. In order to
prevent the plug-in assemblies from accessing your application's code in
"unexpected" ways, you would want to ensure that they are denied permission
to reflect into low-visibility members (ReflectionPermission\MemberAccess),
as well as adding demands for a permission that the plug-ins will not be
able to meet to all types and/or members in your assemblies that they should
not be using. This would usually take the form of a demand for an identity
permission such as StrongNameIdentityPermission. However, you should
probably keep in mind that type-level demands do not protect fields, so you
will want to ensure that any fields that they should not touch are of
private or internal visibility.
.
- Follow-Ups:
- References:
- Prev by Date: Re: How to grant and deny the access to a virtual directory?
- Next by Date: Re: Restrict access to application from "outside"
- Previous by thread: Restrict access to application from "outside"
- Next by thread: Re: Restrict access to application from "outside"
- Index(es):
