
Restrict access to application from "outside"

Author
6 Jul 2006 6:52 PM
cody
I have an application consisting of one exe file and 20+ DLLs.
Now I want to dynamically load plugins in my application. But the
plugins must not be able to access my code except through some special
interface I provide it.

Is it possible to use code access security for this purpose? I do not
understand the principles of it and do not know where to start from.

Author
10 Jul 2006 1:45 PM
Nicole Calinoiu
"cody" <deutron***@gmx.de> wrote in message
news:%23Z4oH1SoGHA.780@TK2MSFTNGP04.phx.gbl...
> I have an application consisting of one exe file and 20+ DLLs.
> Now I want to dynamically load plugins in my application. But the plugins
> must not be able to access my code except through some special interface I
> provide it.
>
> Is it possible to use code access security for this purpose? I do not
> understand the principles of it and do not know where to start from.

It's possible to use CAS to restrict the permissions of plug-ins.  One would
generally use a sandboxing approach as described at
http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx.  In order to
prevent the plug-in assemblies from accessing your application's code in
"unexpected" ways, you would want to ensure that they are denied permission
to reflect into low-visibility members (ReflectionPermission\MemberAccess),
as well as adding demands for a permission that the plug-ins will not be
able to meet to all types and/or members in your assemblies that they should
not be using.  This would usually take the form of a demand for an identity
permission such as StrongNameIdentityPermission.  However, you should
probably keep in mind that type-level demands do not protect fields, so you
will want to ensure that any fields that they should not touch are of
private or internal visibility.
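
Added example (not part of Nicole Calinoiu's reply or of the linked blog post): a C# illustration of the approach described above for .NET Framework CAS, pairing a sandboxed AppDomain whose grant set omits ReflectionPermission with a StrongNameIdentityPermission link demand on a host-only type. The names IPlugin, HostInternals and PluginHost are hypothetical, and the public key string is a placeholder to be replaced with the host's own key. It assumes the host assembly is strong-named and can be resolved from the plug-in domain.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// The only surface plug-ins are meant to use (hypothetical name).
public interface IPlugin { void Run(); }

// Host-only type. A link demand checks the immediate caller when that caller is
// JIT-compiled, so partially trusted plug-in code cannot bind to these members.
// Placeholder key: substitute the hex public key shown by `sn -Tp` for the host.
[StrongNameIdentityPermission(SecurityAction.LinkDemand,
    PublicKey = "REPLACE_WITH_HOST_PUBLIC_KEY_HEX")]
public sealed class HostInternals
{
    // Type-level demands do not cover fields, so the field stays private.
    private static int counter;
    public static int Next() { return ++counter; }
}

public static class PluginHost
{
    // StrongName of a signed assembly, used to list it as fully trusted.
    static StrongName GetStrongName(Assembly asm)
    {
        AssemblyName name = asm.GetName();
        byte[] key = name.GetPublicKey();
        if (key == null || key.Length == 0)
            throw new InvalidOperationException(name.Name + " is not strong-named");
        return new StrongName(new StrongNamePublicKeyBlob(key), name.Name, name.Version);
    }

    public static IPlugin Load(string pluginDir, string assemblyName, string typeName)
    {
        // Grant set: permission to execute and nothing else. With no
        // ReflectionPermission there is no MemberAccess reflection into non-public members.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = pluginDir; // plug-ins are resolved from this directory
        // Assemblies loaded into this domain receive 'grant'; only the host is fully trusted.
        AppDomain sandbox = AppDomain.CreateDomain("PluginSandbox", null, setup, grant,
            GetStrongName(typeof(PluginHost).Assembly));

        // Assumes the plug-in type derives from MarshalByRefObject and implements IPlugin.
        return (IPlugin)sandbox.CreateInstanceAndUnwrap(assemblyName, typeName);
    }
}
```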

Author
10 Jul 2006 7:59 PM
cody
Nicole Calinoiu wrote:
> "cody" <deutron***@gmx.de> wrote in message
> news:%23Z4oH1SoGHA.780@TK2MSFTNGP04.phx.gbl...
>> I have an application consisting of one exe file and 20+ DLLs.
>> Now I want to dynamically load plugins in my application. But the plugins
>> must not be able to access my code except through some special interface I
>> provide it.
>>
>> Is it possible to use code access security for this purpose? I do not
>> understand the principles of it and do not know where to start from.
>
> It's possible to use CAS to restrict the permissions of plug-ins.  One would
> generally use a sandboxing approach as described at
> http://blogs.msdn.com/shawnfa/archive/2005/08/08/449050.aspx.  In order to
> prevent the plug-in assemblies from accessing your application's code in
> "unexpected" ways, you would want to ensure that they are denied permission
> to reflect into low-visibility members (ReflectionPermission\MemberAccess),
> as well as adding demands for a permission that the plug-ins will not be
> able to meet to all types and/or members in your assemblies that they should
> not be using.  This would usually take the form of a demand for an identity
> permission such as StrongNameIdentityPermission.  However, you should
> probably keep in mind that type-level demands do not protect fields, so you
> will want to ensure that any fields that they should not touch are of
> private or internal visibility.

Thank you very much for this great insight!