I have not done this before but here is my 2 cents worth.
There is a way to take advantage of this but it requires a change in the way the interpreter gets created. The interpreter will have to be created through a special class loader which uses a SecurityManager. The SM would give the interpreter instance the permissions to perform certain functions such as disk i/o.
I think this should work since the interpreter is a java class. Any class the interpreter loads will then (I believe) have the same security settings as the interpreter itself. Hope that gives you some ideas.
From: Adam Berger
Sent: 5/2/01 2:18 AM
Subject: Re: [Jython-users] restricting java classes access in jython
On a related note, is there any way to take advantage
of the java security system to make (untrusted) python
code run in an environment similar to that given to
applets? That is, no access to the disk drive, etc.
I'm sure I'm not the only one using jython as an
unrtusted extension language... having security
guarantees would be magnifique.
--- Tait Larson <email@example.com> wrote:
> I'm experimenting with building a jython interpreter
> into our java
> platform. The our java platform implements the
> business logic of a web
> I'd like to restrict the jython interpreter so that
> it can only
> directly access specific classes currently available
> in the running
> jvm. I could then build a web front end to the
> PythonInterpreter class
> and have a powerful and -- with a well written api
> -- a safe scripting
> interface to our platform.
> How can I restrict the java classes which the
> PythonInterpreter class'
> exec and eval methods recognize.
> Jython-users mailing list
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
Jython-users mailing list