|

»

codehaus - janino

»

Security: restrict package access

View: New views

3 Messages — Rating Filter: Alert me

	Security: restrict package access by rio :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I would like to restrict package access for the code fragements compiled and executed by Janino ExpressionParser. The Janino compiled code should only be able to access methods of the superclass that it implements and from the java.lang.* package. The methods of that superclass, that are implemented in my source code, should than be able to call whatever they want again. In other words. The thread that executes the JaninoExpressions should within the Janino Code be restricted to only have access to classes withiin specified Packages, and as soon as it comes back to my code, the thread should have full access again. We use janino to make parts of our application configurable. Without the restriction this would be a too big security breach. Some keywords i have been googling but without much success: - ProtectionDomain - checkPackage - SecurityManager - SandBox - sealed package but I did not manage to achieve anything. Is it doable at all. Any hints or even example code snappets? Thx
	Re: Security: restrict package access by Arno Unkrig :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Rio, I moved your issue to http://jira.codehaus.org/browse/JANINO-66 , please check and comment there. CU Arno rio schrieb: > I would like to restrict package access for the code fragements > compiled and executed by Janino ExpressionParser. The Janino compiled code > should only be able to access methods of the superclass that it > implements and from the java.lang.* package. The methods of that superclass, > that are implemented in my source code, should than be able to call whatever > they want again. > > In other words. The thread that executes the JaninoExpressions should > within the Janino Code be restricted to only have access to classes withiin > specified > Packages, and as soon as it comes back to my code, the thread should have > full access again. > > We use janino to make parts of our application configurable. Without the > restriction > this would be a too big security breach. > > Some keywords i have been googling but without much success: > - ProtectionDomain > - checkPackage > - SecurityManager > - SandBox > - sealed package > but I did not manage to achieve anything. > > Is it doable at all. Any hints or even example code snappets? > > Thx --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
	Re: Security: restrict package access by Arno Unkrig :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi there, JANINO 2.5.0 allows you to execute your Expression/ScriptEvaluators in a "sandbox". Please check! CU Arno Arno Unkrig schrieb: > Hi Rio, > > I moved your issue to > > http://jira.codehaus.org/browse/JANINO-66 > > , please check and comment there. > > > CU > > Arno > > rio schrieb: > >> I would like to restrict package access for the code fragements >> compiled and executed by Janino ExpressionParser. The Janino compiled >> code >> should only be able to access methods of the superclass that it >> implements and from the java.lang.* package. The methods of that >> superclass, >> that are implemented in my source code, should than be able to call >> whatever >> they want again. >> >> In other words. The thread that executes the JaninoExpressions should >> within the Janino Code be restricted to only have access to classes >> withiin >> specified >> Packages, and as soon as it comes back to my code, the thread should have >> full access again. >> >> We use janino to make parts of our application configurable. Without the >> restriction >> this would be a too big security breach. >> >> Some keywords i have been googling but without much success: >> - ProtectionDomain >> - checkPackage >> - SecurityManager >> - SandBox >> - sealed package >> but I did not manage to achieve anything. >> >> Is it doable at all. Any hints or even example code snappets? >> >> Thx > > > > --------------------------------------------------------------------- > To unsubscribe from this list please visit: > > http://xircles.codehaus.org/manage_email > > > --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email