Also, you may want to check PolicySecurityController too. Attila.
On Jul 29, 2008, at 5:26 PM, Norris Boyd wrote: > On Jul 28, 11:31 am, beadrsh <[EMAIL PROTECTED]> wrote: >> Hi, >> >> I plan to implement a system in which client passes in the javascript >> containing some business logic.What i intend to do is to form a >> superset of JavaScript code, i.e add some rhino scripting logic which >> involves doing some i/o file operations .I have combined the script >> that client has passed to my server-side Javascript and i call some >> of >> these functions. >> >> Now after combining both the server-side and the client-side >> scripts , >> Now i understand that there will be security issues as the client can >> use in java packages to maybe delete the files on the server. >> >> My question is ,i want to know if i can make out if a script has got >> some server-side scripting logic like deleting files on server hence >> avoid executing it. >> >> Sorry if this question sounds trivial as i am new to rhino. >> >> Thanks in advance > > Check out org.mozilla.javascript.Context.setClassShutter and and > Context.observeInstructionCount for ways to limit Java class > visibility and script execution time respectively. > > --N _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
