On May 6, 2010, at 20:57 , Anniepoo wrote:

> Mibu - I've kind of gone around this track as well.
> My first reaction to the 'whitelist' was that it was kind of kludgy,
> and fought it for a long time, but after a lot of looking for other
> ways, I'm with Licenser, it's the best way to do it.

Whitelists are indeed the only way to go; blacklists are not an option since it is too easy to forget something, and the only other thing left I can imagine is a smart sandbox that works with actually understanding the code, and I'm not quite done with that yet :P

> And yes, you have to disable java interop not because you can't
> sandbox java but because it makes a backdoor to allow execution of
> arbitrary clojure.

I don't think you have to disable it, just restrict it, since you can indeed police java code just as well as clojure code. clj-sandbox works at the 'top' of a function, so if a function x is whitelisted and x calls something that isn't - it still allows x. This is not a bug but a feature here; it does this for a good reason, being that often you want to wrap a generally insecure function in a secure wrapper, allowing the sandbox limited access to this functionality.

Regards,
Heinz
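
The top-level whitelist check and the secure-wrapper pattern described in the message above, as an added sketch. It is not clj-sandbox's code or API; `read-public-file`, `whitelist`, `violations`, `safe-eval` and the `/srv/public/` path are hypothetical names chosen for illustration. It assumes forms arrive already read, and it treats every symbol, including special forms and locals, as needing a whitelist entry.

```clojure
(ns sandbox-example
  (:require [clojure.set :as set]))

;; Hypothetical secure wrapper: it calls slurp, which is NOT whitelisted,
;; but only after restricting the argument to a plain file name.
(defn read-public-file [fname]
  (when-not (re-matches #"[A-Za-z0-9_-]+\.txt" fname)
    (throw (SecurityException. (str "path not allowed: " fname))))
  (slurp (str "/srv/public/" fname)))

;; Constructed whitelist: the only symbols submitted code may mention.
(def whitelist '#{+ - * str count read-public-file})

(defn symbols-in
  "Every symbol that appears anywhere in the submitted form."
  [form]
  (set (filter symbol? (tree-seq coll? seq form))))

(defn violations
  "Symbols in the form that are not whitelisted. Only the submitted form
  is inspected; the bodies of whitelisted functions are never examined."
  [form]
  (set/difference (symbols-in form) whitelist))

(defn safe-eval
  "Evaluate the form only if it mentions nothing outside the whitelist."
  [form]
  (let [bad (violations form)]
    (when (seq bad)
      (throw (SecurityException. (str "not whitelisted: " bad))))
    (binding [*ns* (the-ns 'sandbox-example)]
      (eval form))))

;; Constructed sample forms.
(println (violations '(str (+ 1 2) (count "abc"))))    ; plain whitelisted calls
(println (violations '(slurp "secret.txt")))           ; direct use of slurp
(println (violations '(read-public-file "notes.txt"))) ; same capability via the wrapper
(println (violations '(System/exit 0)))                ; Java interop symbol
(println (safe-eval '(str (+ 1 2) (count "abc"))))
```

Because the check stops at the submitted form, the safety of anything on the whitelist rests entirely on the wrapper's own argument validation.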