Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 84D24200BA3 for ; Thu, 20 Oct 2016 13:34:52 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 8362F160AE0; Thu, 20 Oct 2016 11:34:52 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C181B160ADB for ; Thu, 20 Oct 2016 13:34:51 +0200 (CEST) Received: (qmail 32540 invoked by uid 500); 20 Oct 2016 11:34:50 -0000 Mailing-List: contact dev-help@brooklyn.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@brooklyn.apache.org Delivered-To: mailing list dev@brooklyn.apache.org Received: (qmail 32525 invoked by uid 99); 20 Oct 2016 11:34:50 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Oct 2016 11:34:50 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5CC3ADFEDA; Thu, 20 Oct 2016 11:34:50 +0000 (UTC) From: neykov To: dev@brooklyn.apache.org Reply-To: dev@brooklyn.apache.org References: In-Reply-To: Subject: [GitHub] brooklyn-server issue #153: [WIP] Add support for JSR-223 scripting of effec... Content-Type: text/plain Message-Id: <20161020113450.5CC3ADFEDA@git1-us-west.apache.org> Date: Thu, 20 Oct 2016 11:34:50 +0000 (UTC) archived-at: Thu, 20 Oct 2016 11:34:52 -0000 Github user neykov commented on the issue: https://github.com/apache/brooklyn-server/pull/153 Looks like it's possible to secure a script engine so it can run any 3d party scripts, but it's language spefic, there's nothing in JSR-223 that we can rely on. See what it would take to secure a Rhino engine in http://codeutopia.net/blog/2009/01/02/sandboxing-rhino-in-java/. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---