Hi Nick, I would love to try out the OpenJDK patch, how can I get access to it? Also, a couple months ago you mentioned about open sourcing Acre, any news on this?
On Aug 17, 9:11 am, Nick Thompson <[EMAIL PROTECTED]> wrote: > You can ask for a callback every N "instructions" and stop > infinite loops in JS. You have to be careful which Java > libraries you allow access to though, some of them may > contain DoS issues. A supervisor thread could watch for > sneakier runaway user threads and kill them, but Rhino > has no built-in support for this. > > Stopping memory DoS is thornier. For Acre we have a patch to > OpenJDK that enforces a per-thread memory allocation limit. > Since we don't allow untrusted code to create threads this > gets the job done. We'd be very happy to have more people > using the patch, but it does require compiling your own JVM. > > nick > > ian wrote: > > Hi, I'm interested in using Rhino to run untrusted code but I'm > > curious as to how to prevent this code from doing evil things, in > > particular stuff like busy-wait loops to do a CPU DoS, or > > alternatively a memory-DoS. > > > Is this possible with Rhino? > > > Regards, _______________________________________________ dev-tech-js-engine-rhino mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino
