In my game (that is also written in C#) I want to include some kind of customization support. Speed is a great concern as I plan to offload major parts of the gameplay to scripts. As a result I choose to use C# for scripting ingame events and stuff. Users should also be able to write scripts and addons for the game in C#. (I know that C# is NOT a scripting language btw.)
I will provide the users with a (static) class that contains all the functions needed to interact with the game. The users will also be able to provide the code as source (the game will compile it in that case). Compiled user "scripts" can / will also be transmitted to other players in some cases. For example a user can build in scripted traps in his home or whatever.
Here are my questions:
Security
How can I ensure that the provided code is forced to ONLY call stuff of the provided API (class) ? To prevent cheating with scripts, malicious activities...
Is there a way to maybe run the compiled code(s) in a sort of VM or low-trust environment ??
Speed
Will this approach be fast enough ? (Calling functions from up to 100 custom assemblys every or every second frame). Any tips on this?
Maybe it's possible to get a speed advantage by compiling all user content into one big assembly or whatever ??
Size
How can I make the compiled code small in size (besides compressing it) ? Because players might need to download tens of scripts...
Is there a way to strip stuff that isn't absolute necessary ? Like debug information or classnames and the likes...
Runtime compilation is fairly new to me (That's why I ask here). So it would be nice to have some major beginner mistakes and / or security concerns pointed out.
Edit:
Just for clarification: A user plugin/script or whatever you would like to call it will be a class (also written in C#) that has to implement specific functions like "GetAddonInfo", "Init", "Update" ... Just like a normal C# class that is derived from my abstract "Addon" class.
