On Tue, May 20, 2008 at 8:42 AM, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > Another worry with db4o: a lot of configuration needs to be done on the Db4o > object, before creating the ObjectContainer. Once we have "untrusted > plugins", we will need to provide an indirection layer for plugins to call > the config settings they need, e.g. creating indexes, while not breaking the > node (so we will need to limit what classes etc they can access), before > creating an ObjectContainer. We will also have to prevent untrusted plugins > from accessing the static methods on Db4o. This is however a common problem > for untrusted plugins: We don't have much in the way of static methods in our > code, but e.g. the java service wrapper has plenty. > > So it's not a showstopper, just something to be careful of.
I think as time goes on, untrusted plugins are going to be a world of pain, not just related to db4o, but generally :-/ Sandboxing, while providing the functionality they will need will be non-trivial, and whenever we modify the architecture its going to add a whole new dimension of potential trouble. Ian. -- Email: ian at uprizer.com Cell: +1 512 422 3588 Skype: sanity
