Oh man,
that were times! Good point, will see if this is usable. Thanks a lot for
the hint!

Cheers,

/peter neubauer

GTalk:      neubauer.peter
Skype       peter.neubauer
Phone       +46 704 106975
LinkedIn   http://www.linkedin.com/in/neubauer
Twitter      http://twitter.com/peterneubauer

http://www.neo4j.org              - NOSQL for the Enterprise.
http://startupbootcamp.org/    - Ă–resund - Innovation happens HERE.


On Mon, Nov 28, 2011 at 6:41 PM, Marko Rodriguez <okramma...@gmail.com>wrote:

> Hi Peter,
>
> > Now, the question is if any of you has some experience tweaking the Java
> > Security Manager to remove System.exit, File write permissions and other
> > bad stuff from that code. Would love to see some examples of real-life
> > securing JSR232 script engines. Or are there other mechanisms that work
> > better than
> >
> http://docs.oracle.com/javase/tutorial/essential/environment/security.htmlfor
> > this type fo task?
>
> Remember you, me, and Josh worked on LinkedProcess a few years back (
> http://xmpp.org/extensions/inbox/lop.html ). Given that any random user
> on the web could execute arbitrary code on another users machines, we had
> to solve the "security hole" problem. In our Java-based reference
> implementation LoPSideD, we tweaked the JVM such that arbitrary JSR223 code
> does not violate particulate security constraints. See:
>
>
> https://github.com/tinkerpop/tinkubator/blob/master/lopsided/lopsided-farm/sweden_countryside.properties
>
> and...
>
>
> https://github.com/tinkerpop/tinkubator/blob/master/lopsided/lopsided-farm/src/main/java/org/linkedprocess/farm/Farm.java#L189
>
> ...the full codebase is in the Tinkubator at this location:
>        https://github.com/tinkerpop/tinkubator/tree/master/lopsided
>
> In short, I believe that this was all set at the thread-level -- ?? --
> however, Josh was the one who did the work on security so you might want to
> ask him.
>
> Hope that gives you some starting points,
> Marko.
>
> http://markorodriguez.com
> _______________________________________________
> Neo4j mailing list
> User@lists.neo4j.org
> https://lists.neo4j.org/mailman/listinfo/user
>
_______________________________________________
Neo4j mailing list
User@lists.neo4j.org
https://lists.neo4j.org/mailman/listinfo/user

Reply via email to