How to: Run Partially Trusted Code in a Sandbox

This article introduces the sandboxing mechanism in the .NET Framework, a practice that allows code which cannot be fully trusted to run in a restricted security environment. By limiting the code's access permissions, the core parts of an application can be effectively protected from potentially malicious code. The article explains in detail how to create a sandbox environment with an AppDomain and gives specific parameter descriptions.

Annotation: The sandbox mechanism is a practice that .NET Framework 4.0 encourages developers to adopt on the security side; the idea is that certain special assemblies (ones you may not trust, such as plug-ins) can be made to run in a special area. This is implemented with AppDomain.


Actually, the same functionality could already be achieved in .NET Framework 2.0. I feel that .NET Framework 4 has made a big concession on security, or at least has not improved it much. (Purely my personal opinion.)


Reposted from: http://msdn.microsoft.com/en-us/library/bb763046.aspx

Sandboxing is the practice of running code in a restricted security environment, which limits the access permissions granted to the code. For example, if you have a managed library from a source you do not completely trust, you should not run it as fully trusted. Instead, you should place the code in a sandbox that limits its permissions to those that you expect it to need (for example, Execution permission).

You can also use sandboxing to test code you will be distributing that will run in partially trusted environments.

An AppDomain is an effective way of providing a sandbox for managed applications. Application domains that are used for running partially trusted code have permissions that define the protected resources that are available when running within that AppDomain. Code that runs inside the AppDomain is bound by the permissions associated with the AppDomain and is allowed to access only the specified resources. The AppDomain also includes a StrongName array that is used to identify assemblies that are to be loaded as fully trusted. This enables the creator of an AppDomain to start a new sandboxed domain that allows specific helper assemblies to be fully trusted. Another option for loading assemblies as fully trusted is to place them in the global assembly cache; however, that will load assemblies as fully trusted in all application domains created on that computer. The list of strong names supports a per-AppDomain decision that provides more restrictive determination.

You can use the AppDomain.CreateDomain(String, Evidence, AppDomainSetup, PermissionSet, StrongName[]) method overload to specify the permission set for applications that run in a sandbox. This overload enables you to specify the exact level of code access security you want. Assemblies that are loaded into an AppDomain by using this overload can either have the specified grant set only, or can be fully trusted. The assembly is granted full trust if it is in the global assembly cache or listed in the fullTrustAssemblies (the StrongName) array parameter. Only assemblies known to be fully trusted should be added to the fullTrustAssemblies list.

The overload has the following signature:

AppDomain.CreateDomain(string friendlyName,
                       Evidence securityInfo,
                       AppDomainSetup info,
                       PermissionSet grantSet,
                       params StrongName[] fullTrustAssemblies);

The parameters for the CreateDomain(String, Evidence, AppDomainSetup, PermissionSet, StrongName[]) method overload specify the name of the AppDomain, the evidence for the AppDomain, the AppDomainSetup object that identifies the application base for the sandbox, the permission set to use, and the strong names for fully trusted assemblies.

For security reasons, the application base specified in the info parameter should not be the application base for the hosting application.

For the grantSet parameter, you can specify either a permission set you have explicitly created, or a standard permission set created by the GetStandardSandbox method.

Unlike most AppDomain loads, the evidence for the AppDomain (which is provided by the securityInfo parameter) is not used to determine the grant set for the partially trusted assemblies. Instead, it is independently specified by the grantSet parameter. However, the evidence can be used for other purposes such as determining the isolated storage scope.
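The following host puts the pieces above together; it is an added example, not code from the MSDN article or the CSDN post. The `Sandboxer` helper class, the untrusted directory path, and the assembly, type and method names passed to it are assumptions; the helper must be strong-named so its StrongName can be placed in fullTrustAssemblies.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical helper that runs inside the sandboxed AppDomain. It is fully trusted
// there only because the host lists this assembly's StrongName in fullTrustAssemblies.
public class Sandboxer : MarshalByRefObject
{
    public static void RunSandboxed(string untrustedDir, string assemblyName,
                                    string typeName, string entryPoint)
    {
        // The sandbox's application base must not be the host's own directory,
        // otherwise untrusted code could bind to the host's assemblies.
        var setup = new AppDomainSetup { ApplicationBase = Path.GetFullPath(untrustedDir) };
        // Evidence selects the standard sandbox (Internet zone) and the isolated
        // storage scope; the grant set itself is fixed by grantSet, not by evidence.
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(evidence);
        // Promote only this helper assembly to full trust; it must be strong-named.
        StrongName helper = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (helper == null) throw new InvalidOperationException("Sandboxer must be strong-named.");
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", evidence, setup, grantSet, helper);
        // Instantiate the helper in the sandbox and call it through the remoting proxy.
        var proxy = (Sandboxer)Activator.CreateInstanceFrom(sandbox,
            typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName).Unwrap();
        proxy.ExecuteUntrustedCode(assemblyName, typeName, entryPoint);
        AppDomain.Unload(sandbox);
    }

    public void ExecuteUntrustedCode(string assemblyName, string typeName, string entryPoint)
    {
        // Assembly.Load resolves against the sandbox ApplicationBase, so the
        // untrusted assembly receives only the Internet-zone grant set.
        MethodInfo target = Assembly.Load(assemblyName).GetType(typeName).GetMethod(entryPoint);
        try { target.Invoke(null, null); }
        catch (Exception ex)
        {
            // A permission demand the untrusted code failed surfaces here; assert
            // full trust briefly so the trusted helper itself can report it.
            new PermissionSet(PermissionState.Unrestricted).Assert();
            Console.WriteLine("Sandboxed call failed: " + ex);
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

A SecurityException raised by the untrusted method (for example on a FileIOPermission demand the Internet grant set does not include) is caught and logged by the helper rather than propagating into the host.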
