c# - CSharpCodeProvider - Is it abusable? -


Apologies for the lack of question, though I do not think it needs too much detail. Any security related cause can be caused by using

CSharpCodeProvider and can any server open for attack?

It depends on how you use it. Here is a safe solution that is used safely, which you definitely do not want to allow (when code is running on a server or some environment that you want to control):

  • If you use the CSharpCodeProvider to create the C # source code, you only allow to save files generated in some directories or to note all Is required It is possible to have a memory stream generated in the code)

  • If you use it to prepare from the C # source, then you have csc.exe is required to run (which may be available in some limited environments such as shared hosting).

  • If you only have file & amp; Compile them, then it will probably not be harmful (although some might misuse your application, causing many files to be generated and attacking the server using some types of DOS attack.

  • If you load and execute the generated code, then it depends on how you make it. If you believe that there is no bug in C # / codedom and guarantee That could be If the code is safe, you should be OK.

  • If your code contains things that can be provided in some way (some way) by the user, So the user can write whatever he can on your server and run anything, so it can be potentially dangerous.


Comments

Popular posts from this blog

windows - Heroku throws SQLITE3 Read only exception -

lex - Building a lexical Analyzer in Java -

python - rename keys in a dictionary -