How to securely embed the F# compiler in an ASP.NET web app

Time: 2016-04-25 09:42:28

Tags: f# f#-interactive f#-compiler-services

I am developing an ASP.NET web app enabling users to submit F# code, which should be dynamically compiled and executed on the server. I was thinking of either hosting the F# compiler in the web app using the approach shown here: https://fsharp.github.io/FSharp.Compiler.Service/compiler.html or using F# Interactive: http://fsharp.github.io/FSharp.Compiler.Service/interactive.html

The idea would be to dynamically compile the F# code and then load it as an assembly in C#, or have F# Interactive interpret the code. However, my main concern is security and how to stop the end user from executing arbitrary code. Is there an easy way to restrict this? Thanks!

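1 answer:

Answer 0: (score: 0)

This is an old question, and a lot has changed since it was asked. The Fable team has now managed to run the F# compiler inside a web worker, which removes the need to execute code on the server side. This sidesteps all the security issues of executing untrusted code.

  • You can try the REPL here
  • You can view the source code here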