An automatic import of java.lang.* isn't a Drools feature - it is a Java feature, and, ultimately, RHS code needs to be passed to a Java compiler.
Moreover, even when Java itself would not automatically import java.lang.Process, using the full-blown class name in the code still gives you access to that class. -W On 27/12/2013, 18922445710 <18922445...@189.cn> wrote: > Hello, everyone, > Greetings! > > I want to use Drools6.0 in my project,but I found a security issue. The > Drools6.0 automatically import the java.lang.* packages. > As we all know, thess packages including some package such as Process > class,which can damage the application's security. > So, I want know how to prohibit some package from executing in rule > configure file(including drl,decistion tablea) or program code. > Thank you everyone . > > With my best wishes! > > Sincerely yours, philip _______________________________________________ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users