Question: Isolating Code
warappa opened this issue · 3 comments
Context
I'm currently evaluating ways of using scripts to transform data. These scripts would be hot-deployable at runtime.
One thing I found is Jint, a .NET JavaScript executor. But I'm also looking if it is possible to use C# for this and found your library.
Security
As loading code at runtime is always risky, I'm looking for ways of locking down the scripts' abilities.
Eg. in Jint, there is a possibility to lock down .NET usage (eg. sebastienros/jint#275).
I was wondering if your library supports something like this too, so my question is:
Is isolating/locking down the C# scripts possible?
In full framework you can load the compilation and execution into a separate AppDomain. THat's no longer supported/recommended in .NET Core though.
Short answer: No not possible unless you do some sort of code scanning or you can insure that the host application runs in a limited security environment that doesn't have rights...
I was afraid this would be the outcome, but still thank you for taking the time to answer.
Timing is everything 😉
February I asked this question, today Steve Sanderson released the - experimental - DotNetIsolator.
- Short demo video:
https://www.youtube.com/watch?v=5u1UaqkPZbg - Code:
https://github.com/SteveSandersonMS/DotNetIsolator - NuGet:
https://www.nuget.org/packages/DotNetIsolator/0.1.0-preview.10024
If this gets in a stable state, this could be a perfect way for isolating C# code!