You can rely on Java security facilities if you run your JVM under a
security manager, and then use PolicySecurityController to force JS
scripts to run in a low-privilege security context, as specified by
the Java policy you specify on the java command line. That way, they won't
be able to do "nasty" things (like read/write files they aren't meant
to, open network connections, etc.) and the JRE will take care of enforcing
that.
Attila.
On 2008.01.25., at 21:50, Jan Grant wrote:
> On Fri, 25 Jan 2008, keith wrote:
>
>> Hi Norris,
>>
>> I tried this but then accessing host objects fails with exceptions
>> such as Access to Java class "java.lang.String" is prohibited. I want to
>> prohibit running Java code directly from JavaScript but I want to
>> expose my host objects. What's the best way to do this?
>
> I had a bit of a stab at this: ditched the importing of Package into
> the namespace and got rid of getClass and other routes to the classloader.
> Then whatever APIs I expose to the environment (i.e., the graph of
> reachable types) seem pretty much under control.
>
> It's being able to implement object capabilities via that "reachable
> through calls" graph (which finds troublesome calls under the base
> class Object) that seems the most natural way to achieve what I'm after: but
> then I'm interested in running JS of a low trust level.
>
> Still not convinced my approach was watertight; it'd be interesting to
> hear how others are doing this.
>
> Cheers,
> jan
>
> --
> jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/ Tel +44 (0)117 3317661
> http://ioctl.org/jan/ OORDBMSs make me feel old; I remember when this was all fields.
_______________________________________________
dev-tech-js-engine mailing list
dev-tech-js-engine@...
https://lists.mozilla.org/listinfo/dev-tech-js-engine
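Putting the two approaches in the thread side by side in Rhino's Java API: Jan's stripping of Packages/getClass from the scope, plus a ClassShutter that allow-lists only the host-object classes, which is the reason for the "Access to Java class ... is prohibited" exception keith hit (the shutter is consulted for every wrapped Java object, including returned Strings unless primitive wrapping is turned off). This is an added example, not code from the thread; LockedDownScope and Greeter are hypothetical names.

```java
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.ScriptableObject;

public class LockedDownScope {
    /** Hypothetical host object: the only Java surface scripts may reach. */
    public static class Greeter {
        public String greet(String who) { return "hello " + who; }
    }

    public static String run(String source) {
        Context cx = Context.enter();
        try {
            // Allow-list shutter: host-object classes stay visible, every other
            // Java class (java.lang.Class via getClass(), java.io.*, ...) is prohibited.
            cx.setClassShutter(new ClassShutter() {
                public boolean visibleToScripts(String fullClassName) {
                    return fullClassName.startsWith("LockedDownScope$");
                }
            });
            // Hand String/Number/Boolean results back as JS primitives; otherwise
            // they are wrapped as Java objects and the shutter rejects java.lang.String.
            cx.getWrapFactory().setJavaPrimitiveWrap(false);

            ScriptableObject scope = cx.initStandardObjects();
            // Jan's step: remove the script-side routes to the class loader.
            for (String name : new String[] {"Packages", "java", "javax", "org", "com",
                                              "edu", "net", "getClass", "JavaAdapter",
                                              "JavaImporter"}) {
                scope.delete(name);
            }
            // Expose the host object explicitly; this is the intended API surface.
            ScriptableObject.putProperty(scope, "greeter",
                                         Context.javaToJS(new Greeter(), scope));
            // Attila's PolicySecurityController is a separate layer on top of this
            // (JVM security manager + policy file); it does not replace the shutter.
            Object result = cx.evaluateString(scope, source, "sandboxed", 1, null);
            return Context.toString(result);
        } catch (RhinoException e) {
            return "blocked: " + e.getMessage();
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        System.out.println(run("greeter.greet('world')"));
        System.out.println(run("typeof Packages"));
        System.out.println(run("greeter.getClass().getName()"));
        System.out.println(run("java.lang.System.getProperty('java.version')"));
    }
}
```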