On 6/28/07, Charles Oliver Nutter <[EMAIL PROTECTED]> wrote:
The idea is that Ruby's professed safety checks are so unlikely to actually be safe that they're not even worth implementing. But we'd like some safety mechanism, yes? Thoughts?
Hi Charles, it seems that JRuby is used by lots of people, but very few of them have expressed the need for Safe and Taint. Seems like you could drop them very without regret. Some advanced users may want to go beyond, and they'll have to use Java security mechanisms (as you advised me at the Kaigi). It'd be great to have identical sandboxing capabilities in Ruby and JRuby, you and Thomas are in contact with Sasada-san, that's great if you can reach synch with Ruby [1.9.x] so that our applications (relying on sandboxing) can work on Ruby and JRuby without adaptation.
I would propose that Ruby's SAFE levels be redefined in JRuby to represent something equivalent in the JVM, using JVM security mechanisms. So they won't be identical, but they'll provide a similar mechanism under JRuby to prevent certain types of operations.
That'd be great for now. 2 months back I had the impression to be the only one having a need for Safe and Taint. Your userbase / community has grown a lot, didn't someone else come with a request for that ? Best regards, -- John Mettraux -///- http://jmettraux.openwfe.org --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
