Hi Johannes.

Thanks for your answer!

The problem is, that I want to run untrusted Jython user code on a server machine. There's a small API that should be used by the user. The web application itselfs needs access to different Java classes (e.g. java.io.*). But the user code must be restricted.

Furthermore, I need to restrict the maximum heap for the user code. Possibly, this is only realizable with a separte JVM.

Cheers

PAX



Von: Johannes Buchner <buchner.johannes@gmx.at>
An: jython-users@lists.sourceforge.net
Gesendet: 17:24 Samstag, 2.Februar 2013
Betreff: Re: [Jython-users] How to restrict accessible packages

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/02/2013 05:11 PM, PAX wrote:
> Hi friends of Jython
>
> I've got a question: Is it possible to let Jython restrict the
> access to specific Java packages? For instance, how can I tell
> Jython to reject the usage of classes from "java.io.*" in user
> code?

Perhaps you can achieve what you want using Java permissions:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html

http://docs.oracle.com/javase/6/docs/technotes/guides/security/permissions.html#FilePermission

Can you elaborate why you want to restrict access to java.io?
I think if you try to cripple Jython, you will run into many issues
and it may not even run. Permissions seem to be the right way (TM) to
restrict IO.

Cheers,
      Johannes

>
> Is this possible?
>
> Cheers
>
> PAX
>
>
> ------------------------------------------------------------------------------
>
>
Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics Download AppDynamics
> Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan
>
>
>
> _______________________________________________ Jython-users
> mailing list Jython-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jython-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlENPa4ACgkQ7X1+MfqVcr3hzgCfRxRtm565wr+xlK4UO+4tX2KS
eFcAn2S2A+M4afdF9eS84N7ihsW9ZNqU
=znpL
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Jython-users mailing list
Jython-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jython-users