Ruby_JRubySecurity

vipulnsward edited this page Jun 28, 2012 · 3 revisions

» JRuby Project Wiki Home Page       » Design: Internals

Ruby/JRuby Security

A new implementation to replace Safe/Taint, since Safe and Taint do not work and provide a false sense of security. There are two options: Using a Sandbox type environment or a permission-based protocol. The Sandbox has been around since Java 1.0 and was found to be good only at a macro level. For finer grained control, the Permission class and AccessControl class were introduced in Java 1.2.

Having a Permission based security implementation would be ideal.

Requirements

  • It must be something that can be implemented in MRI/KRI, possibly using the same API/mechanisms used right now.
  • It must not introduce overhead back into the system like taint/safe does now.
  • Security should be based on addition of rights instead of the removal of them.
  • Fine-grained control should be allowed for distributed programming. For example, DRb
Possible Solutions
  • Keep the current Implementation of Safe and Taint.
  • A sandbox based on the same principles as the Java Sandbox.
    Here is a sandbox base for MRI: http://code.whytheluckystiff.net/sandbox.
  • Use a Permission based architecture such as Java 1.2 and later.
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.