Case Status Kiln
Register Log In


"How To" Guides»AppDomains and Plugin Code Sec…
  • RSS Feed

Last modified on 8/6/2012 11:01 AM by User.


AppDomains and Plugin Code Security

The FogBugz Plugin Architecture uses AppDomains to prevent plugins from gaining access to your FogBugz server and running amok. The use of AppDomains in FogBugz is similar to this posting on

FogBugz keeps the plugins in a separate AppDomain with fewer security permissions and no connection to the database. When a plugin needs to do things like talk to the FogBugz database, it either has to be called by FogBugz (by implementing one of the interfaces) or call into FogBugz (via CPluginApi). When a plugin does this, FogBugz passes objects across the AppDomain boundaries either by MarhsalByRefObject (when we want the plugin to be able to modify an object in the FogBugz AppDomain) or by straight serialization (when we just want to give them a copy of the object).

If you are running FogBugz locally, need to run your plugin in the FogBugz app domain and understand the damage your code could do (DELETE FROM Bug WHERE 1), you can follow this guide. An example of when you'd need to do this is if you have to connect to another database.