[ https://issues.apache.org/jira/browse/TINKERPOP-891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15954092#comment-15954092 ]

ASF GitHub Bot commented on TINKERPOP-891:
------------------------------------------

Github user spmallette commented on the issue:

    https://github.com/apache/tinkerpop/pull/179
  
    I don't see a reference to `methodBlackList` in this PR, but if we were to 
just reduce the question to why do we have whitelisting and no blacklisting 
then I think I could probably answer that.  I'd rather not support blacklisting 
in TinkerPop, as it just seems to lead people into thinking they have a secure 
solution when they soon learn that they'd forgotten yet another harmful entry 
to blacklist. 
    
    I think that the whitelist works really well in TinkerPop, because the base 
list of classes required to execute Gremlin is small (and really that's all we 
care about from TinkerPop's perspective). Whitelisting tends to work best in 
cases like this as it assumes everything is bad except for this small, easy to 
maintain list.  Since whitelisting fits this situation so well, a blacklist 
feels a bit useless - extra code without purpose which we try to avoid. 
    
    Obviously, we do have the `SimpleSandboxExtension` which does some basic 
blacklisting but it's mostly for demonstration and for basic protection from 
the worst of the worst `System.exit()`. 
    
    Does that make sense? 



> Re-examine Sandboxing Abstractions
> ----------------------------------
>
>                 Key: TINKERPOP-891
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-891
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: groovy
>    Affects Versions: 3.0.2-incubating
>            Reporter: stephen mallette
>            Assignee: stephen mallette
>            Priority: Minor
>             Fix For: 3.1.1-incubating
>
>
> The sandboxing abstractions are not so good a set of building blocks as I'd 
> once thought. Helper methods aren't in the right places and more flexibility 
> is required in managing methods/variables than just simple filters.  Need to 
> develop more concrete actions on this still. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
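
The default-deny (whitelist) versus default-allow (blacklist) point made in the comment above, as an added Java example that is not part of the original message and is not TinkerPop's sandbox code. The class `CallFilterDemo`, both lists and the `Class#method` naming are hypothetical; the example uses reflection over three JDK classes to count how many public calls each policy leaves open.

```java
import java.lang.reflect.Method;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class CallFilterDemo {
    // Hypothetical blacklist: the one entry someone remembered to add.
    static final Set<String> DENIED = Set.of("java.lang.System#exit");
    // Hypothetical whitelist: the small set of calls scripts are meant to use.
    static final Set<String> ALLOWED = Set.of("java.lang.Math#abs", "java.lang.Math#max");

    // Default-allow: anything not listed passes.
    static boolean denylistPermits(String call) { return !DENIED.contains(call); }

    // Default-deny: anything not listed is refused.
    static boolean allowlistPermits(String call) { return ALLOWED.contains(call); }

    // Every distinct public "Class#method" name reachable on the given classes.
    static Set<String> publicCalls(List<Class<?>> classes) {
        Set<String> calls = new TreeSet<>();
        for (Class<?> c : classes)
            for (Method m : c.getMethods())
                calls.add(c.getName() + "#" + m.getName());
        return calls;
    }

    public static void main(String[] args) {
        // Constructed sample: three JDK classes a script could name.
        Set<String> calls = publicCalls(List.of(System.class, Runtime.class, Math.class));
        long viaDeny = calls.stream().filter(CallFilterDemo::denylistPermits).count();
        long viaAllow = calls.stream().filter(CallFilterDemo::allowlistPermits).count();
        System.out.println("distinct public calls:  " + calls.size());
        System.out.println("permitted by blacklist: " + viaDeny);
        System.out.println("permitted by whitelist: " + viaAllow);
        // A call neither list anticipated shows the different defaults.
        String unlisted = "java.lang.Runtime#halt";
        System.out.println(unlisted + " -> blacklist permits: " + denylistPermits(unlisted)
                + ", whitelist permits: " + allowlistPermits(unlisted));
    }
}
```

The blacklist permits every enumerated call except the single listed one, while the whitelist permits only its two entries, so a forgotten entry fails open under the first policy and closed under the second.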
