即时通讯目前增加一个接口，我的应用程序，以便其他人可以通过插件扩展。我的应用程序所使用的MMO游戏玩家和我不会在插件的任何控制（在任何人都将被允许让他们），我希望我能有一定程度的控制在code的插件。

Im currently adding a interface to my application so other people can extend it with plugins. My application is used by MMO gamers and i will not have any control over the plugins ( In that anyone will be allowed to make them ) and i was hoping i could have some degree of control over the code in the plugins.

什么即时通讯怕的是有人做了一个插件，要么包含错误code，它开始写以外的文件夹允许文件夹或通过设计来实现的。由于这将由MMO游戏玩家运行某种形式的键盘记录将是非常糟糕的。

What im afraid of is someone making a plugin that either contains bad code that starts writing to folders outside "allowed" folders or does this by design. Since this will be run by a MMO gamers some sort of keylogger would be very bad.

所以IM希望有一种方法对我来说： 强制插件的沙箱中运行它不具有直接访问文件系统，Windows或网络。实际上迫使他们使用API​​我为这些行动。 我想这可能是更多钞票来检查插件的dll希望它包含什么命名空间，它使用了，根本不加载包含坏的命名空间的插件列表。

So im hoping there is a way for me to: Force the plugin to run inside a sandbox where it does not have direct access to filesystem,windows or network. In effect forcing them to use the API i provide for those actions. I was thinking it might be posible to inspect the plugin dll hoping it contained a list of what namespaces it uses, and simply not load plugins that contained "bad" namespaces.

我的插件接口是基于这个伟大的$ C $的CProject条每页，我曾尝试寻找一些这方面的信息。但我无法改进搜索到一个点，它返回的东西有用，如果马瑟斯我的技能等级是C＃和一些跨平台的C ++。

My plugin interface is based on this great codeproject artice , i did try to search for some information on this. But i was unable to refine my search to a point where it returned something usefull, if it mathers my skill level is C# and some cross platform c++.

推荐答案

它在你面前加载它可以检查某些事情大会。在此之前执行code或组件内构建类型，您可以通过一整套组件类型和使用反射引用运行，然后搜索无效的参考。但是，这不会是非常有效的，因为你一直在寻找的东西是不好的 - 当真的，你需要定义好，而不是操作，并且只允许那些

It would be possible to inspect the assembly for certain things before you load it. Prior to executing code or constructing a type within the assembly, you could run through the entire set of assembly types and references using reflection, and search for "invalid" references. However, this is not going to be very effective, as you're always searching for things that are bad - when really, you need to define the operations that are good, instead, and only allow those.

要干净强制执行的插件不同的安全策略的唯一方法就是加载插件到不同的的AppDomain 。

The only way to cleanly enforce a different security policy for plugin is to load the plugin into a different AppDomain.

通过加载插件在它自己的AppDomain，您可以强制在其code不同的安全策略（基本上是在一个沙盒中运行它）。你可以提供传递到插件，以便给它获得的功能超出了本身的插件接口或类。

By loading the plugin in it's own AppDomain, you can enforce different security policies upon its code (basically run it within a sand box). You can provide interfaces or classes that are passed into the plugin in order to give it access to functionality beyond those in the plugin itself.