I am building a program where I intend to provide an API, allowing other developers to build .dll libraries that are placed in a folder which my program can find at runtime and import them. I find the files and load them with Assembly.Load(), then find the classes using Assembly.GetExportedTypes() which implement a particular interface.
This code is functioning correctly, but frankly I have some concerns about what developers could be importing, particularly with regard to actions such as running executables from their code, trying to access or delete files on the system outside of the program's folder structure, or potentially even establishing some sort of network connection and passing data forward.
I understand that I must accept some level of risk when allowing this sort of feature, but what can I do to harden the program against malicious activity while still allowing the import of external libraries for extensibility?
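An added example, not part of the original post: the discovery loop described above, gated by a SHA-256 allow-list so that only DLLs someone has reviewed are ever passed to Assembly.Load(). The names IPlugin, PluginLoader and LoadApproved and the allow-list itself are assumptions made for illustration, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;

// Hypothetical plugin contract; the post only says "a particular interface".
public interface IPlugin { string Name { get; } }

public static class PluginLoader
{
    // Loads only DLLs whose SHA-256 digest is on the allow-list and returns
    // instances of their exported concrete types that implement IPlugin.
    public static List<IPlugin> LoadApproved(string dir, ISet<string> approvedSha256, List<string> rejected)
    {
        var plugins = new List<IPlugin>();
        foreach (string path in Directory.EnumerateFiles(dir, "*.dll"))
        {
            // Hash and load the same byte array, so the file cannot be swapped in between.
            byte[] bytes = File.ReadAllBytes(path);
            string digest = Convert.ToHexString(SHA256.HashData(bytes));
            if (!approvedSha256.Contains(digest)) { rejected.Add(path); continue; }

            Assembly asm = Assembly.Load(bytes);
            foreach (Type t in asm.GetExportedTypes())
            {
                // Skip interfaces and abstract classes; a public parameterless constructor is required.
                if (!typeof(IPlugin).IsAssignableFrom(t) || t.IsAbstract) continue;
                if (Activator.CreateInstance(t) is IPlugin p) plugins.Add(p);
            }
        }
        return plugins;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: one unreviewed file and an empty allow-list.
        string dir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Directory.CreateDirectory(dir);
        File.WriteAllBytes(Path.Combine(dir, "unreviewed.dll"), new byte[] { 0x4D, 0x5A, 0x00 });
        var approved = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var rejected = new List<string>();
        List<IPlugin> loaded = PluginLoader.LoadApproved(dir, approved, rejected);
        Console.WriteLine($"loaded={loaded.Count} rejected={rejected.Count}");
        Directory.Delete(dir, true);
    }
}
```

The allow-list decides which assemblies are loaded, not what they may do: an approved plugin still runs inside the host process with the host's rights.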