dmagda commented on a change in pull request #8237: URL: https://github.com/apache/ignite/pull/8237#discussion_r489034740
########## File path: docs/_docs/security/sandbox.adoc ########## 
@@ -0,0 +1,31 @@ += The Ignite Sandbox + +== Overview +Ignite allows using a user-defined code that can be a compute job, event filter, message listener, etc. +This user-defined code can utilize Java features to get access to host resources. +For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. +To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. + +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. + +There are a few conditions to run user-defined code with restrictions: + +- link:/security/authentication[GridSecurityProcessor] is installed; +- the method _GridSecurityProcessor#sandboxEnabled_ returns true; +- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. + + +If the Ignite Sandbox is turned on, you can see the following trace line:

Review comment:
The section does a good job explaining what this feature is for but lacks instructions that show how to enable the sandbox and how to use it together with the Java Sandbox model. There are many references to the latter and a code sample might be useful. Could you please add the following to the doc:

- Activation: API or command to enable/disable the sandbox
- Configuration: How to set up the sandbox based on the Java Sandbox model
- Usage: (optional but would make the docs stronger) a code snippet based on the Java Sandbox throwing an exception if user code violates any restrictions.

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at: [email protected]
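
Review bot: The three-item condition list under "There are a few conditions to run user-defined code with restrictions" does not say what happens when one of the conditions is not met. As written it implies that user-defined code then runs without restrictions, with the file, socket, system-property and reflection access listed earlier in the Overview, so please state that outcome explicitly, or correct it if the node behaves differently. Two smaller points in the same hunk: the Java Sandbox model link targets the Java SE 11 docs while the SecurityManager link targets the Java 8 spec, so pick one release for both; and the link text "here" should name its target.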
