Skip to content


vipulnsward edited this page Jun 28, 2012 · 3 revisions

» JRuby Project Wiki Home Page       » Design: Internals

Ruby/JRuby Security

A new implementation to replace Safe/Taint, since Safe and Taint do not work and provide a false sense of security. There are two options: Using a Sandbox type environment or a permission-based protocol. The Sandbox has been around since Java 1.0 and was found to be good only at a macro level. For finer grained control, the Permission class and AccessControl class were introduced in Java 1.2.

Having a Permission based security implementation would be ideal.


  • It must be something that can be implemented in MRI/KRI, possibly using the same API/mechanisms used right now.
  • It must not introduce overhead back into the system like taint/safe does now.
  • Security should be based on addition of rights instead of the removal of them.
  • Fine-grained control should be allowed for distributed programming. For example, DRb
Possible Solutions
  • Keep the current Implementation of Safe and Taint.
  • A sandbox based on the same principles as the Java Sandbox.
    Here is a sandbox base for MRI:
  • Use a Permission based architecture such as Java 1.2 and later.
Clone this wiki locally