Menu
▾
▴
[Jython-users] Resticting access
|
From: Edward P. <epo...@te...> - 2001-11-26 02:21:22
|
Hi, I had been writing a simple script language, and in looking for a run time environment (as opposed to writing my own interpreter) I discovered my expressions were exactly the same as Python expressions (with a little overloading). So I decided to use Jython instead ... why reinvent the wheel? I will still parse the a python subset to make sure the user (typically a non programmer) doesn't do something silly. But I want a version for the more adventurous users. How do I restrict Jython use of 'import xxx' and 'from xxx import yyy' My ideas are 1) catch things within my parser or 2) write a classloader and use it to load jython. The classloader would allow only classes that I deem safe. 1) is possible but will 2) work. Does jython pull any magic tricks to get around java security? If not 2) seems to be the best way. Has anyone out there had to dealt with this before? Thanks -Ed |
