Hi Wesley, Oh yes that helps. thanks for the clear response. I still feel there can be more potential risks that the application code can create in addition to what you have put on the link. For example a piece of code can keep on creating new Objects in an infinite loop causing a huge memory consumption. There can be many more such issues. How does the secured sandbox takes care of all this? i am curious to know how this has been addressed ?
Regards, Siddharth On Dec 31, 4:23 am, "Wesley Chun (Google)" <[email protected]> wrote: > greetings siddharth! > > all applications are run from a secure JVM. on the overview page of > the official documentation, we state the following: > > The JVM runs in a secured "sandbox" environment to isolate your > application for service and security. The sandbox ensures that apps > can only perform actions that do not interfere with the performance > and scalability of other apps. For instance, an app cannot spawn > threads, write data to the local file system or make arbitrary network > connections. An app also cannot use JNI or other native code. The JVM > can execute any Java bytecode that operates within the sandbox > restrictions. > > for your example of System.exit(), that calls is disabled in the JVM > so it has no effect. > > for more information, please > see:http://code.google.com/appengine/docs/java/runtime.html#The_Sandbox > > hope this helps! > > -- wesley > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > "Core Python Programming", Prentice Hall, (c)2007,2001 > "Python Fundamentals", Prentice Hall, (c)2009 > http://corepython.com > > wesley.j.chun :: [email protected] > developer relations :: google app engine > > On Dec 29, 10:28 pm, Siddharth <[email protected]> wrote: > > > > > Hi, My question is about the design/architecture of Google app engine > > so i expect someone from the core team to answer this question. > > In my application, Google allows me to write any kind of code (say for > > example in Java) and finally this code is executed in a jvm which is > > shared accross applications. Now my question is how does google app > > engine ensures isolation for an application inside the shared JVM? > > Putting my question differently if i write any malicious code (for > > example System.exit(), introducing memory leak etc) in my application > > and upload to the google app engine, what will happen? I am sure > > google already handles this but my question is how? > > > Regards, > > Siddharth -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
