stackoom
  简体   繁体   中英

How to securely embed the F# compiler in a asp.net web app

 原文  2016-04-25 09:42:27       f#/ f#-interactive/ f#-compiler-services

Question

I am developing a asp.net web app enabling users to submit F# code, which should be dynamically compiled and executed on the server. I was thinking of either hosting the F# compiler in the web app using the approach shown here: https://fsharp.github.io/FSharp.Compiler.Service/compiler.html Or use F# interactive: http://fsharp.github.io/FSharp.Compiler.Service/interactive.html

The idea would be to dynamically compile the F# code and then load it as an assembly in c# or have F# interactive interpret the code. However, my main concern is security and how to stop the end user from executing arbitrary code. Is there an easy way to restrict this? Thanks!

1 answers

solution1
 1  2020-07-22 11:52:33

This is an old question and things have considerably changed since it was asked. Now the Fable team have managed to run the F# compiler inside of a web-worker, removing the need to execute code on the server-side. This side-steps all of the security concerns around executing untrusted code.

  • You can try out the REPL here .
  • You can view the source-code here .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question F# and ASP.NET ASP.NET Empty Web Applcation for F# Updating an F# ASP.NET Core app from .NET 3.1 to 5.0 UserSecretsId prevents any deployment of F# ASP.NET Core app to Azure App Service ASP.NET Web API Help Page generates incomplete documentation for F# record types What Visual Studio 2017 option is required to create an F# ASP.NET Core Web Application? F# support for latest asp.net 5 and MVC6 Should I try F# with MVC3 and ASP.net? Using F# with ASP.NET Webforms on Mono Controller not being discovered in asp.net core F#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM