PlugIns - Preventing Malicious Code...
-
Hello experts, I'm working on a system which would be able to dinamically load all kinds of multiplayer games. In order for the system to know how to handle any game, I set up some ground rules using an abstract class named
GameEngine. Among other stuff, it contains an abstractProcessMessage()method. At first I thought of loading DLLs from a special folder, and analyzing every class which inheritsGameEngine. But then came another thought into my mind... What if someone, instead of implementing a game, inheritsGameEngineand puts down malicious code intoProcessMessage()? My first solution is not to read DLLs from a directory, but to read only a DLL that I will code... Whenever I want to add another game, I would update the DLL... However, this prevents other programmers from adding games to my program... What can I do? Thanks in advance, Shy. -
Hello experts, I'm working on a system which would be able to dinamically load all kinds of multiplayer games. In order for the system to know how to handle any game, I set up some ground rules using an abstract class named
GameEngine. Among other stuff, it contains an abstractProcessMessage()method. At first I thought of loading DLLs from a special folder, and analyzing every class which inheritsGameEngine. But then came another thought into my mind... What if someone, instead of implementing a game, inheritsGameEngineand puts down malicious code intoProcessMessage()? My first solution is not to read DLLs from a directory, but to read only a DLL that I will code... Whenever I want to add another game, I would update the DLL... However, this prevents other programmers from adding games to my program... What can I do? Thanks in advance, Shy.You should allow plugins, regardless of the security risks.
-
Hello experts, I'm working on a system which would be able to dinamically load all kinds of multiplayer games. In order for the system to know how to handle any game, I set up some ground rules using an abstract class named
GameEngine. Among other stuff, it contains an abstractProcessMessage()method. At first I thought of loading DLLs from a special folder, and analyzing every class which inheritsGameEngine. But then came another thought into my mind... What if someone, instead of implementing a game, inheritsGameEngineand puts down malicious code intoProcessMessage()? My first solution is not to read DLLs from a directory, but to read only a DLL that I will code... Whenever I want to add another game, I would update the DLL... However, this prevents other programmers from adding games to my program... What can I do? Thanks in advance, Shy.You should sign your plugins ( DLLs ) using Signcode.exe and also use a Dotfuscator like tool to prevenet (as much as you can) your dlls from being disassembled to their original source code. Don't forget SecurityPermissionAttributes which also add another level of protection to your distributed plug-ins(DLLs). Checkout: Web site: http://msdn2.microsoft.com/en-us/library/ab4eace3(vs.71).aspx MSDN Library: Assembly Security Considerations Hope this helps...