I need to get pointed in the right direction. I have embedded an Iron Python scripting host into a simple C# application, but now I need to know the best practices for locking down security on a user generated IronPython or IronRuby script.
Specifically, what are the strategies for preventing library imports and isn't there a way in .NET to run a block of code or a thread in a different security context, for instance to prevent file system access? Also, can this context be assigned a built-in level or role rather than an actual user?
Thanks!
You should run scripting host in different appdomain, and setup Security Policies via Evidence property using sandboxing API