I'm trying to create a pluggable system using ASP.NET.

I've read this question, and the big problem I've encountered is that I need to pass all sorts of stuff from the plugin to the host, such as models, event handlers, views (using RazorGenerator or the like), etc.

When accessing them through AppDomain proxies, the passed objects must be serializable, and not all items can be.

So my question is: what are the problems with Assembly.Load? Say I'm doing the following:

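using System;
using System.IO;
using System.Linq;
using System.Reflection;

foreach (FileInfo file in files)
{
    // Assembly.Load has no FileInfo overload; load the raw bytes of the file
    var assembly = Assembly.Load(File.ReadAllBytes(file.FullName));
    // first concrete type that derives from MyBaseType
    var type = assembly.GetTypes()
                   .FirstOrDefault(s => typeof(MyBaseType).IsAssignableFrom(s) && !s.IsAbstract);
    if (type == null)
    {
        continue;
    }
    // the constructor and DoInitiaton are code from the plugin assembly
    var plugin = (MyBaseType)Activator.CreateInstance(type);
    plugin.DoInitiaton();
    // ... storing plugin for later use
}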

And in an example scenario where someone hacked into my server and uploaded a malicious DLL, can it harm my application if I'm only loading it?

Eli Y
  • https://blogs.msdn.microsoft.com/shawnfa/2004/06/07/checking-for-a-valid-strong-name-signature/ – Wiktor Zychla May 19 '16 at 19:21
  • All I can say - If someone has managed to inject malicious dll into your website, your plugin system is the last thing you should be worried about. – Dusan May 19 '16 at 19:24
  • For example - in MVC application, if someone injects dll with controller class you are then already screwed. – Dusan May 19 '16 at 19:28
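
An added example, not code from the question or its comments: the loop in the question instantiates whatever DLL is present, and instantiating a type runs that DLL's code with the host's privileges. One way to restrict it is to load only files whose SHA-256 is on an allowlist shipped with the host. `PluginLoader`, `LoadApproved` and the allowlist (lowercase hex, stored outside the plugin directory) are assumptions; `MyBaseType` and `DoInitiaton` are the question's names.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;

public abstract class MyBaseType            // stand-in for the question's base type
{
    public abstract void DoInitiaton();
}

public static class PluginLoader            // hypothetical helper, not an ASP.NET API
{
    // Returns the plugins whose file hash is on the allowlist; everything else is skipped.
    // approvedSha256 holds lowercase hex digests and is deployed with the host (assumption).
    public static List<MyBaseType> LoadApproved(string pluginDir, ISet<string> approvedSha256)
    {
        var plugins = new List<MyBaseType>();
        foreach (var path in Directory.GetFiles(pluginDir, "*.dll"))
        {
            // Read once, hash those bytes, and load the same bytes, so the file
            // cannot be swapped between the check and the load.
            byte[] raw = File.ReadAllBytes(path);
            string hash;
            using (var sha = SHA256.Create())
                hash = BitConverter.ToString(sha.ComputeHash(raw)).Replace("-", "").ToLowerInvariant();

            if (!approvedSha256.Contains(hash))
            {
                // Record the rejection so an unexpected upload shows up in the logs.
                Console.Error.WriteLine("Rejected unapproved plugin: " + Path.GetFileName(path) + " sha256=" + hash);
                continue;
            }

            Assembly assembly = Assembly.Load(raw);
            foreach (var type in assembly.GetTypes()
                         .Where(t => typeof(MyBaseType).IsAssignableFrom(t) && !t.IsAbstract))
            {
                // From here on, plugin code runs with the host's privileges.
                var plugin = (MyBaseType)Activator.CreateInstance(type);
                plugin.DoInitiaton();
                plugins.Add(plugin);
            }
        }
        return plugins;
    }
}
```

The check only helps if the allowlist is kept where the upload path cannot write, since anyone who can edit it can approve their own DLL.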

0 Answers