-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

We're discussing the addition of JSP-like support for a project.  The
user would be able to write sections of Java code in the HTML file just
like JSP, but they wouldn't be able to determine which classes get
imported, etc.  So they would only have access to the classes that I
choose to let them import.  To stop them from loading classes by name,
Class.forName("java.lang.System");, etc. I was going to compile the
.java file against a trimmed-down classes.zip that had all the malicious
stuff (System, Runtime, Class, ClassLoader, File, etc. etc.) removed.
Does this idea sound safe?  Any other suggestions, etc?  We want to give
the flexibility of a full-blown language like Java, but limit the risk
associated with executing their code.

Jonathan
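
An added example, not part of the original post: one way to apply the same class allowlist to the compiled output, by reading the constant pool of a .class file and flagging every referenced class that is not permitted. The class name `ClassRefCheck` and the contents of `ALLOWED` are hypothetical; the sample input is the example's own class file.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Set;
import java.util.TreeSet;

// Added example: lists the classes a compiled .class file references and checks an allowlist.
public class ClassRefCheck {
    // Hypothetical allowlist (internal names); a real one names the classes the host exposes.
    static final Set<String> ALLOWED = Set.of("java/lang/Object", "java/lang/String",
            "java/lang/StringBuilder", "ClassRefCheck");

    // Returns the name of every CONSTANT_Class entry in the class file's constant pool.
    static Set<String> referencedClasses(InputStream raw) throws IOException {
        DataInputStream in = new DataInputStream(raw);
        if (in.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
        in.readUnsignedShort(); in.readUnsignedShort();        // minor and major version
        int count = in.readUnsignedShort();                    // entries are 1..count-1
        String[] utf8 = new String[count];
        int[] classNameIdx = new int[count];
        for (int i = 1; i < count; i++) {
            int tag = in.readUnsignedByte();
            switch (tag) {
                case 1: utf8[i] = in.readUTF(); break;                     // Utf8
                case 7: classNameIdx[i] = in.readUnsignedShort(); break;   // Class
                case 8: case 16: case 19: case 20: in.readUnsignedShort(); break;
                case 15: in.readUnsignedByte(); in.readUnsignedShort(); break;
                case 3: case 4: case 9: case 10: case 11: case 12: case 17: case 18:
                    in.readInt(); break;                                   // 4-byte payloads
                case 5: case 6: in.readLong(); i++; break;                 // Long/Double use 2 slots
                default: throw new IOException("unknown constant tag " + tag);
            }
        }
        Set<String> names = new TreeSet<>();
        for (int idx : classNameIdx) if (idx != 0) names.add(utf8[idx]);
        return names;
    }

    // Compile with javac, then run from the same directory so the class file is on the class path.
    public static void main(String[] args) throws IOException {
        try (InputStream in = ClassRefCheck.class.getResourceAsStream("ClassRefCheck.class")) {
            for (String name : referencedClasses(in))
                System.out.println((ALLOWED.contains(name) ? "ok      " : "REJECT  ") + name);
        }
    }
}
```

Run against itself, the check rejects its own references to `java/io/DataInputStream`, `java/lang/Class` and the other classes missing from the allowlist; a call to `Class.forName` is caught the same way, because it puts a reference to `java/lang/Class` in the constant pool.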

