How to provide isolation?

我们两清 提交于 2020-01-15 10:12:18

问题


I have a need to allow my users to execute .NET code that they provide on my server. I know security is a big concern, but it has to be done that way.

Currently, I run my users' code under a limited Windows account. But, I am worried that .NET framework provides many classes that, if used maliciously, can harm the server -- classes under the Reflection namespace is one example, CodeDom is another concern.

I wish there was a way to create a "lightweight virtual environment" that can run .NET code, but is fully isolated. Kind of like Virtual PC, but much more lightweight -- the only capability would be that users can do calculations and, possibly, call a 3rd party web service.

Is there something on the market that provides an isolated environment for .NET applications?

Thanks.


回答1:


.NET has built in security features to do exactly what you want to do. Without knowing how their .NET apps are being launched I can't say for sure if it will help you, but if you control the launching of the apps you can apply a security context to their AppDomain and restrict what they can access. From what you said in the original posting if you blocked pretty much everything except WebPermission (and you can even restrict it to specific addresses) it should be safe to run on your system.



来源:https://stackoverflow.com/questions/9794596/how-to-provide-isolation

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!