Security - trust passed parameters and functions

Dec 5, 2011 at 9:04 AM

Thanks for a greaat project!

Is there a way to "trust" the passed parameters and functions? I version 0.9.2 it seems that it is executed at another trust level.

Coordinator
Dec 5, 2011 at 5:29 PM

There is a DisableSecurity() on JintEngine.

Dec 5, 2011 at 9:54 PM

Thanks. DisableSecurity() is almost what I want. I would however also like to limit access to the .net runtime. E.g.:

var sb = new System.Text.StringBuilder();

should not be possible, only methods that I explicitly added to Jint should be accessable. Those parameters / methods that I explicitly add should be executed at same trust level as Jint. Can I do this?

Coordinator
Dec 5, 2011 at 9:57 PM

You can create your own CAS profile by adding Permissions then, but it won't be like exposing specific methods. Though I think you don't need more than that.

Dec 6, 2011 at 7:33 AM

My situation are that I only pass one object to Jint. The object has several methods and most of them fetch data from a database using LINQ. It seems like Full Trust are needed for LINQ to work, however that would give the end user too much access to the framework. So what I seek is a combination of "DisableSecurity" and "AllowClr = false", Is that easy to accomplish?