Last post Jan 24, 2009 07:18 PM by hirokio
Dec 30, 2008 03:42 AM|hirokio|LINK
Hi, this is the first time to post in this forum.
I just started using IronPython a couple of weeks ago, and thinking if I can allow users to write their code like for calculation even partially and run it secure in a ASP form using PythonEngine. Imagine a case providing users a space to write their own
functions for specific calculations in a text box and test the code in PythonEngine.
To do this, I have several possible issues, which is how to:
1. Prohibit them to import .NET libraries such as "System.IO" and access to the local files.
2. Prohibit them to run their code that could consume too much CPU and memory resources (it might make the whole process slow or hang up)
3. Provide them with debug information when their code has any problems.
For the first issue, I'm assuming that I can prohibit it by restricting "import" by checking the code before run. However, I'm not so sure if any originally available method in PythonEngine makes it possible to run malicious codes. I don't know how to work
on this issue, so I would apprecaite if you know any idea of it.
The second issue, I'm assuming, can be avoided by running the code in a different thread and try-catch clause as well as put a time limitation so that execute "Abort" or "Finalize." Do you think these are enough to avoid the issue?
For the last one, I'm thinking to provide users debug information with ClrDebuggingEnabled property true in EngineOption.
I've been trying to figure out the issues above, while the documentation seems not enouch available to me. So, I appreciate if you have any idea or useful resources.
Dec 30, 2008 02:16 PM|TATWORTH|LINK
First of all welcoime to the forum!
This is certainly an intriguing question!
One principal that I would urge upon you is to adopt a "white list" and not a "black list" approach. A white list approach only allows to pass what is known to be allowable rather than detect what is wrong.
Beyond that all I can suggest is to ask the question over on the MSDN forum as well.
Jan 02, 2009 04:49 AM|hirokio|LINK
Thank you for advise, TATWORTH.
Yes, I would take the white list approach when using .NET libraries, while I'm not very sure if any method originally available in PythonEngine could access to some local files or cause something unexptected. In other words, I'm looking for some resource
describing what is possbile with IronPython.dll and IronMath.dll in PythonEngine. I guess the latter is just for calc though... Do you know any info or reference to know the detail of the former?
A Happy New Year!!
Jan 24, 2009 07:18 PM|hirokio|LINK
I tried a couple of Python codes such as "open('file name', 'w')" in a sample website like below, and found that the code can read/write to local resources, which I want to avoid. Is there anyway to prohibit this? I couldn't find any resource about it.
<code from here>
ScriptEngine engine = Python.CreateEngine();
ScriptScope scope = engine.CreateScope();
ScriptSource source = engine.CreateScriptSourceFromString(codeString, SourceCodeKind.Statements);
<code up to here>
If change the trust level for the application in IIS 7.0 into "medium," the code is not processed as I expected. So, my tentative answer is to set an appropriate code access for the application (for example, no local resource read/write except SQL database