Message1086
There is a way to implement security with Jython by
using Java SecurityManager but it does not provide a
means by which class level access control can be
applied.

Jython should provide some means by which the user of
Jython can specify which Java classes should be
available to scripts. Preferably, it should provide an
Interface that the interested users can implement.
Jython should call a method (from this interface)
like, visibleToScripts(fully qualified class/package
name). If it returns true then the class should be
visible to the scripts. If it returns false then the
class should not be accessible to the script. Some
form of caching can be implemented here to reduce
multiple calls to visibleToScripts() for the same
class.

I am not sure how complex this feature is to
implement. On Jython mailing lists I have seen people
saying that security wasn't in consideration while
Jython development. But I feel these kinds of arguments
should now be left behind.

With the help of this proposed extension and with Java
SecurityManager a good security model can be put in
place while using Jython and would allow developers to
use Jython even where security is a concern.

~ Neeraj

Date | User | Action | Args
2008-02-20 17:17:27 | admin | link | issue1391767 messages
2008-02-20 17:17:27 | admin | create |
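
A sketch of the class-visibility hook proposed in the message above, added here as an example; it is not code from the message or from Jython. The names ScriptClassFilter, AllowListFilter and CachingFilter are hypothetical, and only visibleToScripts() comes from the proposal. It shows a default-deny allow list with the per-name caching the message suggests.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ScriptVisibilityDemo {

    /** Hypothetical hook from the proposal; not an existing Jython interface. */
    interface ScriptClassFilter {
        boolean visibleToScripts(String fullyQualifiedName);
    }

    /** Default-deny policy: visible only if the name is an allowed class or lies in an allowed package. */
    static final class AllowListFilter implements ScriptClassFilter {
        private final List<String> allowed;
        AllowListFilter(List<String> allowed) { this.allowed = List.copyOf(allowed); }

        @Override
        public boolean visibleToScripts(String name) {
            for (String entry : allowed) {
                // Match the exact name or a real sub-package/class; the '.' boundary
                // keeps "java.utility.Foo" from matching the entry "java.util".
                if (name.equals(entry) || name.startsWith(entry + ".")) return true;
            }
            return false;
        }
    }

    /** Caches decisions so the policy is consulted once per name. */
    static final class CachingFilter implements ScriptClassFilter {
        private final ScriptClassFilter delegate;
        private final Map<String, Boolean> cache = new ConcurrentHashMap<>();
        CachingFilter(ScriptClassFilter delegate) { this.delegate = delegate; }

        @Override
        public boolean visibleToScripts(String name) {
            return cache.computeIfAbsent(name, delegate::visibleToScripts);
        }
    }

    public static void main(String[] args) {
        ScriptClassFilter filter = new CachingFilter(
            new AllowListFilter(List.of("java.util", "java.lang.String", "java.lang.Math")));
        // Constructed sample names, as an import hook would pass them in before resolving a class.
        for (String name : List.of("java.util.ArrayList", "java.lang.String",
                                   "java.lang.Runtime", "java.utility.Foo", "java.io.File")) {
            System.out.println(name + " -> " + (filter.visibleToScripts(name) ? "visible" : "hidden"));
        }
    }
}
```

The cached decisions stay correct only because this allow list is immutable; a policy that can change at runtime would need to invalidate the cache when it does.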