Executing a powershell script using C# is secure or not?

Question

I need to execute powershell script using C#.net, so my concern is security in a production environment, is it secured or not to execute a powershell script using C#.net. If not what are the ways to ensure security, also i need to pass parameters dynamically from C#.net code. Any help/suggestion would be great in concern to security about executing powershell script using c#.net.

Thanx in advance

Answer 1

on the topic of security:

Whatever you do, DO NOT BLINDLY PARSE USER DATA! If you spent any time on the internet since August, you'll likely have heard about the ShellShock Bash bug which has sysadmins around the world scrambling to update their Bash client because there was a huge potential for unwanted code execution otherwise. User data should never be trusted, EVER!

Before you send any commands involving user data to PowerShell, validate the command. verify it against a whitelist of allowed commands, paths and flags. If it doesn't verify properly, don't execute it. Also check for user privileges so user A cannot affect data from user B. Keep a log of every command that's executed (which you probably need to do through the application), with the exact command that is executed by PS. If possible, run the commands using a user that only has access rights for the correct folder, and only has execute rights for those commands.

Answer 2

Apart from Filburt's reply, you can find help on below thread for passing parameters dynamically to your script:

Using C# to execute PowerShell script with command line args using V2 methods