Menu
I'm currently working on a very modular and plugin-based framework for my bachelor's thesis. The main idea is, that there is a folder inside my application structure named plugins where you can drop in compiled plugins (e.g. .dll-files), that conform to a special interface IPlugin. The application then executes tasks using the plugin a user selects. So, if I want to perform a task once in a PDF-file, I'd choose the PdfPlugin and once in a word document, I'd choose the DocPlugin to the work.
The output is also defined in interfaces, so every plugin returns the same data structure. Just the actual work differs for each library.
Now, as the application just calls the methods defined in the interface, e.g. ParseDocument() and such, how can I prevent the plugins (that may have been developed by third parties) from executing harmful code?
I'm working on .NET3.5 (maybe will switch to 4, not yet decided) and C#.
323
I'm working on .NET3.5
In that case, I would isolate your Plugins to run in a separate AppDomain, use Code Access Security and restrict the permission set of the App Domain. This "sandboxes" your plugin assemblies.
For instance, you could take away all Unmanaged Code permissions and File IO Permissions, and then your plugin would never be able to write to the file system.
This isn't for the faint of heart. AppDomains can be tricky to work with and require serialization, object lifetime policies, etc. You could use MAF as it takes away a lot of the plumbing.
72
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
