How to implement security with enabled liveConnect #1045

Answered by rPraml
rPraml asked this question in Q&A

Thanks for your feedback. I read a lot about JEP411, for example
https://www.mail-archive.com/search?l=security-dev@openjdk.java.net&q=subject:%22JEP411%5C%3A+Missing+use%5C-case%5C%3A+Monitoring+%5C%2F+restricting+libraries%22&o=newest&f=1
and there are others that rely on SecurityManager.

I understand the pros and cons, but at the moment I'm afraid that the SM will be removed without replacement.
That's why I sorted out things here to be prepared for JEP411: #1068

By default, Rhino has no built-in APIs that can do anything other than manipulate what is inside the world of Rhino. If Rhino is initialized using InitSafeStandardObjects, then the main risks in this situation are:
A) A scrip…

Replies: 3 comments 1 reply

Answer selected by rPraml
Category
Q&A
Labels
docs Issues containing stuff that ought to be documented
4 participants