On Thu, 05 Feb 2004 11:03:36 -0500, "Thomas DeWeese" <[EMAIL PROTECTED]> said:
>
> ... however my
> understanding is that script security is implemented using the Java
> 2 Security model in particular it puts _all_ the rhino classes in the
> sand box[*]. I'm sure that a second set of eyes looking at this to
> make sure we are doing it correctly would be greatly appreciated.

This cannot be true as far as I can see. From Rhino usage in RhinoInterpreter it follows that Batik uses the default compilation mode in Rhino that compiles JavaScript to JVM bytecode, loads the generated classes and then lets the JVM execute them. It means that Rhino classes can at least create ClassLoader instances. Now due to bugs in class loader implementations in many released JVMs (Sun JVMs <= 1.4.1 that I checked have this bug) it also means that Rhino code can potentially gain AllPermissions. This in turn means that a pure JavaScript script can gain AllPermissions due to a problematic implementation of SecurityController.

>
> [*] This does have some unfortunate side effects like the debugger
> can only be used when 'secure scripting' is off - not usually a
> problem since most people debug their own code - but still annoying.

What exactly is the problem with it?

Regards, Igor
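
An added example, not part of the original message and not Batik or Rhino code: a Java check that reports whether a protection domain grants createClassLoader or AllPermission, the two permissions this reply is concerned with. The code source URLs and the permission sets are constructed for illustration.

```java
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.PropertyPermission;

public class ScriptDomainAudit {
    // The two permissions named in the message above.
    static final Permission CREATE_LOADER = new RuntimePermission("createClassLoader");
    static final Permission ALL = new AllPermission();

    /** Returns findings for one protection domain; an empty list means nothing flagged. */
    static List<String> audit(ProtectionDomain domain) {
        List<String> findings = new ArrayList<>();
        if (domain.implies(ALL)) {
            findings.add("AllPermission granted: this code source is not sandboxed");
        } else if (domain.implies(CREATE_LOADER)) {
            findings.add("createClassLoader granted: this code can create class loaders");
        }
        return findings;
    }

    // Builds a domain with static permissions only, so the installed Policy is not consulted.
    static ProtectionDomain domain(String url, Permission... granted) throws Exception {
        PermissionCollection perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        CodeSource cs = new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, perms);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample domains (hypothetical locations and grants).
        ProtectionDomain script = domain("http://example.org/doc.svg",
                new PropertyPermission("user.name", "read"));
        ProtectionDomain engine = domain("file:/opt/app/lib/js.jar", CREATE_LOADER);
        ProtectionDomain trusted = domain("file:/opt/app/lib/app.jar", ALL);
        System.out.println("script:  " + audit(script));
        System.out.println("engine:  " + audit(engine));
        System.out.println("trusted: " + audit(trusted));
    }
}
```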