Subj : Re: Rhino security cookbook for untrusted javascript?
To   : Norris Boyd
From : Jan Grant
Date : Wed May 04 2005 10:02 pm

On Wed, 4 May 2005, Norris Boyd wrote:

> Take a look at ClassShutter
> (http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/ClassShutter.html)
> and SecurityController
> (http://www.mozilla.org/rhino/apidocs/org/mozilla/javascript/SecurityController.html).
>
> ClassShutter can be used to control visibility of classes to untrusted
> JavaScript classes and is the recommended approach rather than just deleting
> the top-level objects like "Packages" and "java".

It appears that ClassShutter does about 95% of what I'm after; that's great.

> SecurityController implements three main pieces of functionality for security
> in JavaScript. From the javadoc: "First, it must be possible to define classes
> with an associated security domain. (This security domain may be any object
> incorporating notion of access restrictions that has meaning to an embedding;
> for a client-side JavaScript embedding this would typically be
> java.security.ProtectionDomain or similar object depending on an origin URL
> and/or a digital certificate.) Next it must be possible to get a security
> domain object that allows a particular action only if all security domains
> associated with code on the current Java stack allows it. And finally, it must
> be possible to execute script code with associated security domain injected
> into Java stack."
>
> I'm not familiar with SecurityController so I can't speak to the situations
> when you'd need it beyond what's in the javadoc.

Well, the other problem I'm facing is that the following snippet of javascript
still works ("raw" is bound to an external java object):

    var anotherObject = raw.getClass().newInstance(); // doh!

....
I might summarise what I'm after as this: I really don't want the user to be
scripting java using javascript; all I'm interested in is them being able to
script the objects I expose explicitly, with none of this other jiggery-pokery.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44 (0)117 9287088 (with luck)
http://ioctl.org/jan/
Prolog in JavaScript: http://ioctl.org/logic/prolog-latest
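One way to get the "only the objects I expose, nothing else" behaviour discussed above, written here as an added example and not code from either poster: instead of binding the raw Java object (which drags getClass() along with it), scripts get a hand-built ScriptableObject facade with explicit functions, and a deny-all ClassShutter keeps the Packages/java globals from resolving any class. The Counter class and the property names are hypothetical; the Rhino calls (Context, ClassShutter, BaseFunction, ScriptableObject) are the public API.

```java
import org.mozilla.javascript.BaseFunction;
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;

public class ScriptFacadeDemo {
    /** Hypothetical host object the script is allowed to drive. */
    static class Counter { int n; String bump(int by) { n += by; return "n=" + n; } }

    /** Scripts see this facade, never the Counter instance, so there is no getClass(). */
    static ScriptableObject facadeFor(final Counter c) {
        ScriptableObject api = new ScriptableObject() {
            @Override public String getClassName() { return "CounterApi"; }
        };
        api.defineProperty("bump", new BaseFunction() {
            @Override public Object call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args) {
                int by = args.length > 0 ? (int) Context.toNumber(args[0]) : 1;
                return c.bump(by); // a java.lang.String comes back as a JS string primitive
            }
        }, ScriptableObject.READONLY | ScriptableObject.PERMANENT);
        return api;
    }

    static Object run(String source, Counter c) {
        Context cx = Context.enter();
        try {
            // Deny-all shutter: no Java class is visible through Packages/java.
            cx.setClassShutter(new ClassShutter() {
                public boolean visibleToScripts(String fullClassName) { return false; }
            });
            ScriptableObject scope = cx.initStandardObjects();
            ScriptableObject.putProperty(scope, "counter", facadeFor(c));
            scope.sealObject(); // scripts cannot replace the facade afterwards
            return cx.evaluateString(scope, source, "script", 1, null);
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] a) {
        Counter c = new Counter();
        System.out.println(run("counter.bump(2); counter.bump(3)", c)); // n=5
        System.out.println(run("typeof counter.getClass", c));          // undefined
        try { run("java.lang.Runtime.getRuntime()", c); }
        catch (RhinoException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

The last call fails whether Rhino reports the class as prohibited or merely leaves java.lang.Runtime as an uncallable package object; either way the script never reaches a Runtime instance.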