In the Microsoft guidance for how to run partially trusted code in a sandbox, it mentions
For security reasons, the application base specified in the info parameter should not be the application base for the hosting application.
Why is this the case?
I had the same question. I found an example here on stack overflow that does use the the current application base. I just found another stack overflow article that seems to provide the explanation we're looking for. I guess using the same base allows the slave AppDomain to exploit its parent.
