Security permissions on uploaded libraries

Developer https://www.devze.com 2023-03-28 03:06 Source: Internet
I am uploading DLLs from client machines to a server. These DLLs will be created and executed via reflection. Each DLL should have read/write on only one specific directory on the server. This directory is specific to the DLL.

I want a way of forcing the DLL to only be able to access its own specific directory. Since the DLLs are uploaded, I want to be able to assign this permission dynamically.


If you force the DLLs to use your API - for example via a shared object providing them with FileSystem-Access - then you could just run the respective DLL in a separate AppDomain which you set up with a reduced PermissionSet (i.e. without File IO permission)...

This way .NET enforces the needed security and your API can provide any operation you want to restrict/log etc. like File IO...
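
The AppDomain approach from the answer above, as an added example that is not part of the original post: a variation that grants each plug-in `FileIOPermission` for its own directory only, instead of removing file I/O and routing it through a broker API. `PluginRunner`, `PluginSandbox` and the parameter names are hypothetical; it assumes .NET Framework 4.x (CAS sandboxing does not exist in .NET Core/.NET 5+, and Microsoft does not support it as a security boundary) and a strong-name-signed host assembly.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical helper: instantiated inside the sandbox domain, fully trusted via the strong-name list.
public sealed class PluginRunner : MarshalByRefObject
{
    // Assumes the plug-in exposes a public static, parameterless entry method.
    public void Run(string assemblyPath, string typeName, string methodName)
    {
        // Assert read access only while loading the DLL; the grant set gives no access to the upload path.
        new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
                             assemblyPath).Assert();
        Assembly plugin;
        try { plugin = Assembly.LoadFrom(assemblyPath); }
        finally { CodeAccessPermission.RevertAssert(); }
        // Plug-in frames are now on the stack, so every demand is checked against the restricted grant set.
        plugin.GetType(typeName, true).GetMethod(methodName).Invoke(null, null);
    }
}

public static class PluginSandbox
{
    public static void Execute(string assemblyPath, string dataDir, string typeName, string methodName)
    {
        assemblyPath = Path.GetFullPath(assemblyPath);
        // Built per upload, so the directory permission is assigned dynamically.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.Write |
            FileIOPermissionAccess.PathDiscovery, Path.GetFullPath(dataDir)));
        // Keep the DLL outside dataDir so a plug-in cannot overwrite its own code.
        var setup = new AppDomainSetup { ApplicationBase = Path.GetDirectoryName(assemblyPath) };
        StrongName host = typeof(PluginRunner).Assembly.Evidence.GetHostEvidence<StrongName>();
        AppDomain sandbox = AppDomain.CreateDomain("plugin-" + Guid.NewGuid(), null, setup, grant, host);
        try
        {
            var runner = (PluginRunner)Activator.CreateInstanceFrom(sandbox,
                typeof(PluginRunner).Assembly.ManifestModule.FullyQualifiedName,
                typeof(PluginRunner).FullName).Unwrap();
            runner.Run(assemblyPath, typeName, methodName);
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```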


Polaris allows sandboxing of Windows applications, including the ability to run a process in such a way that initially it only has access to a subset of the file-system and can only gain access to other files via user-interaction with a file-chooser.

If your various DLLs can each be loaded and run in a separate process and communicate via the normal IPC mechanisms, this could work for you.
