Well, there is this:


But does the fact that Zope has such framework lets us conclude something useful for Jython? To my understanding, it't the Jython that should provide a restricted environment in it's interpreter instance, where the imports would be restricted to a set of allowed ones (or not allowed at all, leaving it to the init script launched on server at interpreter instantiation time).

I see something regarding this in Jython development, but I guess it's far from finished:


I fond it strange that this question is not raised more often, there's very little discussion about this. Seems like a basic security concern for any system to limit the possible damage done by sneaky code. If, some system provides Python scripting via help of Jython, there's an easy way to wipe out files on the users hard disk. Of course, users should be careful with running unverified code, etc, etc, but hey, not always user has information that a system has a macro running feature and that it could be potentially tampered with.

On Thu, Oct 10, 2013 at 12:37 AM, Fernando Martins <fernando@cmartins.nl> wrote:
On 10/09/2013 10:57 PM, Pāvils Jurjāns wrote:
> In my project, Jython is used to run user-submitted scripts on a
> server. Currently there is no security whatsoever, the Jython script
> has access to the server file system, can issue http requests, etc.
> It's ok if the scripts are developed by a trusted party, but it may
> not be the case in all potential scenarios where my project could be used.
> I am wondering if there's a way how run the potentially malicious
> scripts in a sandbox where I have specifically designated selection of
> accessible Java classes, and shut the access to the file system or the
> Internet.
It's a long shot but zope used to have Zope Python Scripts which ran
Python with restrictions, for a purpose similar to yours.

October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
Jython-users mailing list