[Jython-dev] [ jython-Support Requests-527230 ] security issues

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Support Requests item #527230, was opened at 2002-03-08 02:21
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=212867&aid=527230&group_id=12867

Category: None
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: security issues

Initial Comment:
i plan to embed jython in my java application to give users the most 
flexibility possible. however i'd like to know how i can prevent the 
PythonInterpreter from doing certain things like 
reading/altering/deleting files or creating sockets etc?

----------------------------------------------------------------------

Comment By: Boris Gruschke (bgrus)
Date: 2002-03-20 19:28

Message:
Logged In: YES 
user_id=490595

I haven't done this myself, but you might want to have a 
look at 
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html

I think the Java 2 security mechanisms can do what you 
want. Basically you define a policy file that sets the 
permissions of Java code (including the Jython Interpreter 
itself) based upon where it was loaded from and what it 
wants to do. The JavaVM enforces the policy you define.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=212867&aid=527230&group_id=12867