commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Libbrecht <>
Subject [jelly] sandboxed jelly anyone ?
Date Thu, 06 Oct 2005 11:52:17 GMT


Jelly would play a lovely role in our database infrastructure... 
namely... that of being able to run a set of queries and become, thus, 
a query language that would produce XML documents as results of several 
(possibly many) queries.
Such queries and their results would then be well transmittable 
remotely except that... jelly would be a powerful security hole if it 
could as much as traditional jelly can do.

Did anyone experience with sandboxing the classes that run jelly?
Is it as simple passing the rightly-configured classloader to the 
JellyContext class and let jelly classes only be loaded from this 
classloader ?? Will there be security checks then done on any methods 
called from such a class then ?

thanks for ideas


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message