Hi,

I use ScheduledExecutorService and cancel - I am going to submit and show you 
the changes this evening.

kind regards

Tobias

> On 07.01.2016 at 10:50, Emond Papegaaij <emond.papega...@topicus.nl> wrote:
> 
> Hi Tobias,
> 
> How do you terminate a thread? The only way to terminate a Thread from
> outside is Thread.stop, which is very dangerous. Thread.interrupt will only
> stop the thread if that thread supports interrupting. A simple 'while(true);'
> will not terminate. Even if you manage to terminate a script in a few
> seconds, this will not help against a script like:
> 
> var i = 0, o = {};
> while(true) {
>    o[i++] = new Array(1000000);
> }
> 
> Don't get me wrong, a resource like this can be useful in some situations,
> but you really have to make sure it is not exposed to the user, or you will
> have to deal with rogue scripts.
> 
> Best regards,
> Emond
> 
>> On Thursday, January 07, 2016 10:25:30 AM Tobias Soloschenko wrote:
>> Hi Emond,
>> 
>> I already implemented a thread pool which terminates long running scripts. I
>> am going to submit it this evening.
>> 
>> Good hint with the class filter - I am going to have a look at it. Thanks!
>> 
>> kind regards
>> 
>> Tobias
>> 
>>> On 07.01.2016 at 08:24, Emond Papegaaij
>>> <emond.papega...@topicus.nl> wrote:
>>> 
>>> Hi Tobias,
>>> 
>>> This is a very nice feature indeed, but be very careful when exposing
>>> server-side code to a client. What would happen if some user would post
>>> 'Java.type("java.lang.System").exit(0)'? A service like this must always
>>> be protected via some sort of whitelist filter. The Java Scripting API
>>> has support for ClassFilter, which can be used for this.
>>> 
>>> Another problem is a DoS attack. A user could post several non-terminating
>>> scripts, eating all available processing threads or claim insane amounts
>>> of memory. These types of attacks are much harder to protect against.
>>> Some scripting engines allow inserting custom code before and/or after
>>> every statement. This could be used to protect against non-terminating
>>> scripts. However, preventing OutOfMemory is very difficult (if not
>>> impossible). There are simply too many ways memory can be claimed and no
>>> way of checking the amount used.
>>> 
>>> Best regards,
>>> Emond Papegaaij
>>> 
>>>> On Wednesday, January 06, 2016 06:40:53 PM Tobias Soloschenko wrote:
>>>> Hi guys,
>>>> 
>>>> I am currently playing around a bit with the nashorn implementation of
>>>> Java 8.
>>>> 
>>>> I just implemented a ResourceReference to show up cool features. :-)
>>>> 
>>>> Features:
>>>> * Post JavaScript against the resource reference which is executed on
>>>> server side and optionally enriched with user scoped objects that can be
>>>> accessed (read / write)
>>>> * Access to user objects can be setup in the corresponding method
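
The two concerns raised in this thread, shown together as an added example that is not code from the thread or from the project: a Nashorn ClassFilter allow-list rejects the `Java.type(...)` call, while a timeout with `Future.cancel(true)` does not stop `while(true);` and the stuck worker starves the next request. It assumes a JDK that still bundles `jdk.nashorn` (8u40 through 14); the class name, the empty allow-list, the single-worker pool and the timeouts are hypothetical.

```java
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

import javax.script.ScriptEngine;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.*;

public class SandboxedScriptDemo {
    // Hypothetical allow-list: empty, so scripts cannot reach any Java class.
    private static final Set<String> ALLOWED = Collections.emptySet();

    // Nashorn consults the filter before exposing a class through Java.type.
    private static final ClassFilter FILTER = ALLOWED::contains;

    // Daemon worker so a script that ignores interruption cannot keep the JVM alive.
    private static final ExecutorService POOL = Executors.newSingleThreadExecutor(r -> {
        Thread t = new Thread(r, "script-worker");
        t.setDaemon(true);
        return t;
    });

    static String run(String script, long timeoutMs) throws InterruptedException {
        ScriptEngine engine = new NashornScriptEngineFactory().getScriptEngine(FILTER);
        Future<Object> result = POOL.submit(() -> engine.eval(script));
        try {
            return "ok: " + result.get(timeoutMs, TimeUnit.MILLISECONDS);
        } catch (ExecutionException e) {
            // A class denied by the filter surfaces here as the cause.
            return "rejected: " + e.getCause();
        } catch (TimeoutException e) {
            // cancel(true) only interrupts; a busy loop never checks the flag.
            result.cancel(true);
            return "timed out (worker may still be running)";
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(run("1 + 2", 1000));
        System.out.println(run("Java.type('java.lang.System').exit(0)", 1000));
        System.out.println(run("while(true);", 500));
        // The only worker is still spinning, so this harmless request starves.
        System.out.println(run("1 + 2", 500));
    }
}
```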
