I'm working on an application that supports running code written by users using VBCodeProvider. I would like to limit the things they can do, for example:
- Block reflection
- Block access to the file system from the script level (referenced assemblies should be allowed to access it)
- Make sure they can't call any unmanaged code
- Block direct access to the database (SQL Server), they can only use referenced data layer assembly
- Deny access to certain methods in referenced assemblies that are part of our project
What would be the best way to approach it? What else should we think of exposing this type of functionality to the user?