dgarus commented on a change in pull request #8237:
URL: https://github.com/apache/ignite/pull/8237#discussion_r494065805



##########
File path: docs/_docs/security/sandbox.adoc
##########
@@ -0,0 +1,80 @@
+= The Ignite Sandbox
+
+== Overview
+Ignite allows using a user-defined code that can be a compute job, event 
filter, message listener, etc.
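
Review bot: In the first Overview sentence, "a user-defined code" puts an article on uncountable "code", and "allows using" does not say that it is Ignite that runs this code. Suggest: "Ignite can execute user-defined code, such as a compute job, event filter, or message listener." Listing the cases without the trailing "etc." would also make clear which kinds of code the page is talking about.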

Review comment:
       Great, I like your version!

##########
File path: docs/_docs/security/sandbox.adoc
##########
@@ -0,0 +1,80 @@
+= The Ignite Sandbox
+
+== Overview
+Ignite allows using a user-defined code that can be a compute job, event 
filter, message listener, etc.
+This user-defined code can utilize Java features to get access to host 
resources.
+For example, it can create/update/delete files; create sockets; 
read/update/delete system properties; use reflection API and so on.
+To restrict user-defined code options you may use the Ignite Sandbox based on 
the Java Sandbox model.
+
+You can read about the Java Sandbox model 
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank].
+
+== Ignite Sandbox activation
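
Review bot: "To restrict user-defined code options" at the end of the Overview does not say what is being restricted. The preceding sentences are about access to host resources (files, sockets, system properties, reflection), so the sentence should say that the sandbox limits which of those operations user-defined code may perform. The link text "here" is also uninformative out of context; naming the target document (the URL points at the Java SE Platform Security Architecture guide) would read better.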

Review comment:
       ok

##########
File path: docs/_docs/security/sandbox.adoc
##########
@@ -0,0 +1,80 @@
+= The Ignite Sandbox
+
+== Overview
+Ignite allows using a user-defined code that can be a compute job, event 
filter, message listener, etc.
+This user-defined code can utilize Java features to get access to host 
resources.
+For example, it can create/update/delete files; create sockets; 
read/update/delete system properties; use reflection API and so on.
+To restrict user-defined code options you may use the Ignite Sandbox based on 
the Java Sandbox model.
+
+You can read about the Java Sandbox model 
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank].
+
+== Ignite Sandbox activation
+
+There are some conditions to activate the Ignite Sandbox.
+
+- The first condition is _the SecurityManager must be installed_.
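
Review bot: The item "- The first condition is ..." carries its ordinal in prose inside an unordered list. An AsciiDoc ordered list (items starting with ". ") would supply the numbering, and the item could then state just the requirement. SecurityManager is a class name here and would be clearer in monospace than in italics with the rest of the phrase.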

Review comment:
       ok

##########
File path: docs/_docs/security/sandbox.adoc
##########
@@ -0,0 +1,80 @@
+= The Ignite Sandbox
+
+== Overview
+Ignite allows using a user-defined code that can be a compute job, event 
filter, message listener, etc.
+This user-defined code can utilize Java features to get access to host 
resources.
+For example, it can create/update/delete files; create sockets; 
read/update/delete system properties; use reflection API and so on.
+To restrict user-defined code options you may use the Ignite Sandbox based on 
the Java Sandbox model.
+
+You can read about the Java Sandbox model 
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank].
+
+== Ignite Sandbox activation
+
+There are some conditions to activate the Ignite Sandbox.
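
Review bot: "There are some conditions to activate the Ignite Sandbox." tells the reader neither how many conditions follow nor whether every one of them has to hold. If all are required, say so in the lead-in, for example "The Ignite Sandbox is activated only when all of the following conditions are met:", so that nobody assumes the sandbox is on after satisfying just one.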

Review comment:
       ok

##########
File path: docs/_docs/security/sandbox.adoc
##########
@@ -0,0 +1,80 @@
+= The Ignite Sandbox
+
+== Overview
+Ignite allows using a user-defined code that can be a compute job, event 
filter, message listener, etc.
+This user-defined code can utilize Java features to get access to host 
resources.
+For example, it can create/update/delete files; create sockets; 
read/update/delete system properties; use reflection API and so on.
+To restrict user-defined code options you may use the Ignite Sandbox based on 
the Java Sandbox model.
+
+You can read about the Java Sandbox model 
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank].
+
+== Ignite Sandbox activation
+
+There are some conditions to activate the Ignite Sandbox.
+
+- The first condition is _the SecurityManager must be installed_.
+
+Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and 
the SecurityManager is an important part of that model, you need to have it 
installed.
+The SecurityManager is responsible for checking, which security policy is 
currently in effect. It also performs access control checks.
+The security manager is not automatically installed when an application is 
running. If you run Ignite as a separate application,
+you must invoke the Java Virtual Machine with the `-Djava.security.manager` 
command-line argument (which sets the value of the `java.security.manager 
property`).
+There is also a -Djava.security.policy command-line argument, defining, which 
policy files are utilized.
+If you don't include `-Djava.security.policy` into the command line, then the 
policy files specified in the security properties file will be used.
+
+You can read more about Security Management 
link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[here,window=_blank].
+
+NOTE: It may be convenient adding the security manager and the policy 
command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script.
+Read more about link:/quick-start/java#starting_a_node[starting a node].
+
+NOTE: Ignite should have enough permissions to work correctly.
+You may apply the most straightforward way that is granting to Ignite the 
`java.security.AllPermission` permission,
+but you should remember the "giving permissions as low as possible" security 
principle.
+
+- The second condition to activate the Ignite Sandbox is _an implementation of 
the `GridSecurityProcessor` interface must be installed_.
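
Review bot: The second NOTE under the first condition offers granting `java.security.AllPermission` to Ignite as "the most straightforward way" without saying which code source the grant should apply to. On a sandbox page that needs to be explicit, because a reader who copies the advice into a policy file with an unscoped grant gives the same permission to user-defined code. Suggest stating that the grant is for Ignite's own code only and adding a short example policy, and replacing "giving permissions as low as possible" with the usual term, the principle of least privilege. Smaller points in the same block: `-Djava.security.policy` is not in monospace on its first mention, the closing backtick in `java.security.manager property` swallows the word "property", and this section links the Java 8 security guide while the Overview links the Java 11 one.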

Review comment:
       ok




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

