I am creating an application that will compile code at runtime and then execute that code.

My worry is this: Someone might make a malicious script, that deletes files for example.

Is there an option in VB.NET that prevents Kill statements and other file operations from executing? Maybe a kind of 'security' feature?

If not, is there another approach that I should take?

Canning

You could theoretically run the compiled code in its own app domain, thereby causing any Kill statements to only take down the process running the script, not your application's proces. If this process was run with zero-privileges, this might stop it doing any file I/O.

We'd have to know why you're compiling code to be able to suggest alternative approaches, however.

The code is text. You can always parse it for things you feel are bad. Of course, the problem there is that you will only be able to parse it for things that you know to look for, which may not be an exhaustive set.

LiteFire wrote:

The code is text. You can always parse it for things you feel are bad. Of course, the problem there is that you will only be able to parse it for things that you know to look for, which may not be an exhaustive set.

That idea is my last resort. So there is no 'security' feature built into VB.NET?

Security feature? What were you really hoping that there would be? Were you seriously expecting that a programming language would be written with a compiler that would take a look at what the person was writing and decide whether or not to compile it based on whether or not the compiler thought it was benign?