The easiest way (and the preferred one) should be writing a security manager. Then you
don't have to modify the (gnu)JSP implementation.
1) Write a class derived from java.lang.SecurityManager
2) Invoke System.setSecurityManager(instance) - this can be invoked ONLY once,
otherwise a SecurityException will be thrown
I don't have time to implement it myself.
Stepan
Luc Saint-Elie wrote:
> Hello,
>
> Someone asked me this, does anybody have an answer?
>
> Thanks in advance:
>
> ------------
> Now, I need some help too. The idea is to have free JSP hosting on
> altern.org when it is reborn (end of April), like it was doing free php2
> before.
> The problem is about hostile JSPs, which have to be sandboxed somehow. I did
> this for php2 by tweaking:
> - exec'uting binaries is impossible.
> - .php files cannot open files outside their directory.
> From what I have seen, I'd need to modify gnujsp to implement that in the
> servlet. But I hate to do things someone has already done, and this has
> probably been done before. And I don't know Java much,
> more used to --*i++ alike.
> If you have some idea about sandboxing JSPs, I'd love to hear about it.
> -------------
>
> +------------------------------------------------+
> | Luc Saint-Elie |
> | 53, rue Caulaincourt |
> | 75018 Paris France |
> | Tel: 01 42 52 09 62 / 06 12 90 19 65 |
> | email : [EMAIL PROTECTED] |
> +------------------------------------------------+
> | Servlet Taverne a site devoted to servlets |
> | ..and looking for a free servlet hosting :-) |
> | url : http://interpasnet.hypermart.net/JSS |
> +------------------------------------------------+
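
Added example, not code from this thread or from gnujsp: a `SecurityManager` subclass covering the two restrictions listed in the quoted question (no exec, no file access outside one directory), applied only to threads that run hosted pages. The class name, the `runHosted` wrapper and the `/srv/hosted/user1` path are assumptions, and it needs a JVM that still allows installing a security manager (Java 17 or earlier, or 18 to 23 started with `-Djava.security.manager=allow`).

```java
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.lang.reflect.ReflectPermission;
import java.security.Permission;
// Added example: class name and sandbox path are hypothetical, not gnujsp code.
public class JspSandboxManager extends SecurityManager {
    // TRUE on threads running a hosted page; threads they start inherit it.
    private static final InheritableThreadLocal<Boolean> HOSTED = new InheritableThreadLocal<>();
    private final String root; // canonical sandbox directory plus trailing separator
    public JspSandboxManager(File dir) throws IOException {
        root = dir.getCanonicalPath() + File.separator;
    }
    // The servlet engine would wrap each hosted page invocation in this call.
    public static void runHosted(Runnable page) {
        Boolean before = HOSTED.get();
        HOSTED.set(Boolean.TRUE);
        try { page.run(); } finally { HOSTED.set(before); }
    }

    @Override
    public void checkPermission(Permission p) {
        if (!Boolean.TRUE.equals(HOSTED.get())) return; // engine threads stay unrestricted
        String name = p.getName();
        if (p instanceof FilePermission) {
            if (p.getActions().contains("execute")) throw new SecurityException("exec denied: " + name);
            confine(name); // read, write and delete all go through the directory check
        } else if ((p instanceof RuntimePermission && name.equals("setSecurityManager"))
                || (p instanceof ReflectPermission && name.equals("suppressAccessChecks"))) {
            throw new SecurityException("denied: " + name); // page must not remove the sandbox
        }
    }

    // Canonicalise first so "../" and symlinks cannot step outside the root.
    private void confine(String path) {
        try {
            String real = new File(path).getCanonicalPath() + File.separator;
            if (!real.startsWith(root)) throw new SecurityException("outside sandbox: " + path);
        } catch (IOException e) {
            throw new SecurityException("unresolvable path: " + path);
        }
    }

    public static void main(String[] args) throws IOException {
        System.setSecurityManager(new JspSandboxManager(new File("/srv/hosted/user1"))); // constructed path
        runHosted(() -> { try { Runtime.getRuntime().exec("id"); }
            catch (Exception e) { System.out.println(e.getMessage()); } });
    }
}
```

Because this manager does not consult `AccessController`, privileged JDK and class-loader file reads on a hosted thread are refused as well, so the engine has to load a page's classes before calling `runHosted`.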