Hello,

Jelly would play a lovely role in our database infrastructure... 
namely... that of being able to run a set of queries and become, thus, 
a query language that would produce XML documents as results of several 
(possibly many) queries.
Such queries and their results would then be well transmittable 
remotely except that... jelly would be a powerful security hole if it 
could as much as traditional jelly can do.

Did anyone experience with sandboxing the classes that run jelly?
Is it as simple passing the rightly-configured classloader to the 
JellyContext class and let jelly classes only be loaded from this 
classloader ?? Will there be security checks then done on any methods 
called from such a class then ?

thanks for ideas

paul


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org