Among a couple of improvement suggestions on the forum, [discussion:eeedc9e2]:
- Allow groovy expressions in the sql query text e.g. in marked blocks e.g. g{...}
- Allow groovy expressions in other places that can benefit from them, e.g. parameter default values. Expression use could be indicated by starting the value with "=", or by a separate boolean field ("Is Expression?") plus an additional field for the language, in case other scripting languages are supported later, e.g. Java, JavaScript.
- Use Apache BSF? https://commons.apache.org/proper/commons-bsf/
- Have an option in application config to enable/disable this e.g. allowGroovyExpressions (default to false)
- Must have some kind of measures to mitigate the security risks of evaluating user-supplied expressions, e.g. see the following:
https://stackoverflow.com/questions/10219870/untrusted-groovy-script-security-in-java
http://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/
http://groovy-sandbox.kohsuke.org/
https://github.com/kohsuke/groovy-sandbox
http://blog.datenwerke.net/p/the-java-sandbox.html
http://www.chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/
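As an added illustration of the proposed g{...} design (example code written for this ticket, not code from the project or any of the linked sandboxes), the Python sketch below shows the three pieces a safe implementation needs: a scanner for g{...} blocks in the query text, the allowGroovyExpressions gate defaulting to off, and binding each expression result as a query parameter instead of splicing it into the SQL string. The evaluator is a constructed stand-in for whatever sandbox is chosen; the rows and expressions are made up for the demo.

```python
import sqlite3

# Stand-in for the sandboxed Groovy evaluator (constructed for this example):
# it only knows a few fixed expressions so the script runs offline.
DEMO_RESULTS = {"params.region.toUpperCase()": "EMEA",
                "params.name": "x' OR '1'='1",   # hostile result: must stay a plain value
                "[2023, 2024].max()": 2024}

def split_expression_blocks(sql):
    # Return ('sql', text) / ('expr', code) parts. Nested braces are tracked so
    # g{ [1].collect { it } } is one block; braces inside Groovy string literals
    # are not handled here (a real scanner should reuse the Groovy parser).
    parts, start, i = [], 0, 0
    while i < len(sql):
        if sql.startswith("g{", i):
            depth, j = 1, i + 2
            while j < len(sql) and depth:
                depth += {"{": 1, "}": -1}.get(sql[j], 0)
                j += 1
            if depth:
                raise ValueError("unterminated g{ block at offset %d" % i)
            parts += [("sql", sql[start:i]), ("expr", sql[i + 2:j - 1])]
            start = i = j
        else:
            i += 1
    parts.append(("sql", sql[start:]))
    return [p for p in parts if p[1] or p[0] == "expr"]

def prepare_query(sql, evaluate, allow_expressions=False):
    # Replace each g{...} with a '?' placeholder and bind the evaluated result, so
    # no result can alter the SQL structure. allow_expressions mirrors the
    # proposed allowGroovyExpressions config option (default false).
    parts = split_expression_blocks(sql)
    if not allow_expressions and any(k == "expr" for k, _ in parts):
        raise PermissionError("allowGroovyExpressions is false")
    text, params = [], []
    for kind, value in parts:
        text.append("?" if kind == "expr" else value)
        if kind == "expr":
            params.append(evaluate(value))
    return "".join(text), tuple(params)

def run_demo():
    # Run the prepared query over constructed rows: only the customer whose name
    # literally equals the hostile value matches, i.e. it was bound, not spliced.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders(region TEXT, customer TEXT, year INT)")
    con.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                    [("EMEA", "alice", 2024), ("EMEA", "x' OR '1'='1", 2024)])
    text, params = prepare_query(
        "SELECT customer FROM orders WHERE region = g{params.region.toUpperCase()}"
        " AND customer = g{params.name} AND year = g{[2023, 2024].max()}",
        lambda code: DEMO_RESULTS[code.strip()], allow_expressions=True)
    return [row[0] for row in con.execute(text, params)]
```

Whichever sandbox is adopted for the evaluator, keeping the result on the parameter side of the statement is what stops an expression from turning into SQL injection; the sandbox only limits what the expression itself can do on the JVM.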