dgarus commented on a change in pull request #8237: URL: https://github.com/apache/ignite/pull/8237#discussion_r490772636
########## File path: docs/_docs/security/sandbox.adoc ########## @@ -0,0 +1,31 @@ += The Ignite Sandbox + +== Overview +Ignite allows using a user-defined code that can be a compute job, event filter, message listener, etc. +This user-defined code can utilize Java features to get access to host resources. +For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. +To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. + +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. + +There are a few conditions to run user-defined code with restrictions: + +- link:/security/authentication[GridSecurityProcessor] is installed; +- the method _GridSecurityProcessor#sandboxEnabled_ returns true; +- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. + + +If the Ignite Sandbox is turned on, you can see the following trace line: Review comment: Hello, Denis! Thank you for your feedback! I tried to solve your comments. Could you please have a look? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
