I am toying around with the idea of building an online C# interpreter, a bit like Codepad. Now there are obvious security issues:
- Infinite loops
- System.Diagnostics.Process.Start
- Pretty much the whole System.IO namespace
My knowledge of C# isn't exactly insignificant, but I'm sure there are a lot that know much more about it, plus the stuff I didn't think about. What would you be careful about?
A few precisions, I plan on running this on a small Linux VPS using Mono.
Use Mono's Compiler as service capability. It can be compiled to a Silverlight compatible DLL (client profile), and has been already, which you can checkout. That should address some of your concerns about IO.