Bytes | Software Development & Data Engineering Community

Executing Untrusted Code

Ben
Hello,

I've been developing apps in Delphi for years and have just started
writing my first big project in C# + MS .NET and have some questions
about security and untrusted code.

I've got an app that will run on a server on the net that will have
plugin capability, where a user could build an assembly that contains
a type derived from my base plugin type. I plan to load the plugin
assembly at runtime, instantiate the derived type and call its
methods. Because of the nature of the project I cannot trust plugin
developers (can be anyone) not to write malicious code in their
plugin.

My main concerns with malicious plugin code are that:
1. The plugin may try to do naughty things like deleting files or
sending emails, etc.

2. The plugin may be able to access parts of the main application
which it shouldn't be allowed to see.

3. The plugin may get stuck in an infinite loop, effectively hanging
the entire app. I'd really like to stop executing the method of the
plugin if it takes longer than a set number of milliseconds.

4. The plugin may consume lots and lots of memory using collections,
etc.

Though I know little of it as yet, I figure I can use code access
security to limit the privileges of the plugin which would hopefully
take care of concern #1 (right?). But as for the other concerns I'm
really not sure? I'm guessing for #3 I'd have to run the plugin in a
separate thread and kill the thread if it takes too long?

I've studied what I can of the Terrarium project which is very
similar technically and somehow overcomes similar issues but
unfortunately it seems Microsoft never released the source code. :(

The project depends on the ability of .NET to run untrusted code
safely which I thought it could. I just have to learn how. Can anybody
suggest what I can do to overcome any of these issues or at least point
me in the right direction?

Feb 27 '07 #1
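
An added example, not part of the original post and not Terrarium code: on .NET Framework, concerns 1 to 3 can be approached by loading the plugin into a separate AppDomain whose grant set contains only the execution permission, calling it on a worker thread, and unloading the domain when a timeout expires. `PluginBase`, `FileDeleter`, `Spinner`, `SandboxDemo` and the file path are hypothetical names constructed for the illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Hypothetical plugin contract. MarshalByRefObject keeps the instance inside the
// sandbox domain; the host only holds a proxy, so host statics are not shared.
public abstract class PluginBase : MarshalByRefObject
{ public abstract string Run(string input); }
// Constructed sample plugins standing in for untrusted third-party code.
public class FileDeleter : PluginBase
{ public override string Run(string input) { File.Delete(input); return "deleted"; } }
public class Spinner : PluginBase
{ public override string Run(string input) { while (true) { } } }
public static class SandboxDemo
{
    public static string RunSandboxed(Type pluginType, string input, int timeoutMs)
    {
        // Grant set: permission to execute and nothing else (no file, network or UI).
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        AppDomain sandbox = AppDomain.CreateDomain("PluginSandbox", null, setup, grant);
        string workerResult = null;
        bool finished;
        try
        {
            var plugin = (PluginBase)sandbox.CreateInstanceAndUnwrap(
                pluginType.Assembly.FullName, pluginType.FullName);
            var worker = new Thread(() =>
            {
                try { workerResult = plugin.Run(input); }
                catch (SecurityException) { workerResult = "denied by sandbox"; }
                catch (AppDomainUnloadedException) { /* sandbox torn down after timeout */ }
            }) { IsBackground = true };
            worker.Start();
            finished = worker.Join(timeoutMs);
        }
        finally { AppDomain.Unload(sandbox); } // aborts any thread still inside plugin code
        return finished ? workerResult : "timed out";
    }
    public static void Main()
    {
        // Constructed path; the demand for file permission fails before any file is touched.
        Console.WriteLine(RunSandboxed(typeof(FileDeleter), @"C:\temp\sample.txt", 2000));
        Console.WriteLine(RunSandboxed(typeof(Spinner), "", 500));
    }
}
```

This does not address concern 4: an AppDomain has no memory quota, and `AppDomain.Unload` can fail with `CannotUnloadAppDomainException` when a thread is stuck in unmanaged code, so a separate worker process gives a harder boundary. Code access security and sandboxed AppDomains exist only in .NET Framework, not in .NET Core or later.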