Best evidence to offer a sandboxed appdomain for a C# evaluator.
Posted
by scope-creep
on Stack Overflow
See other posts from Stack Overflow
or by scope-creep
Published on 2010-05-10T21:55:06Z
Indexed on
2010/05/10
22:14 UTC
Read the original article
Hit count: 263
I have a c# evaluator which uses the (I think) the .Net 4 new simplified sandboxed appdomain model to host the c# assembly, with remoting doing the rest. The call to create the appdomain is
Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Trusted));
PermissionSet pset = SecurityManager.GetStandardSandbox(ev);
AppDomainSetup ads = new AppDomainSetup();
ads.ApplicationBase = "C:\\Sandbox";
// Create the sandboxed domain.
AppDomain sandbox = AppDomain.CreateDomain(
"Sandboxed Domain",
ev,
ads,
pset,
null);
The c# eval is embedded in a server app, but I don't want give the sandbox to much control unless it bo bo's the caller. What i'm looking for is regarding some clarification as to what to provide as Evidence from the caller. I'm looking for advice and guidance.
Any help would be appreciated.
© Stack Overflow or respective owner