A beanshell script can execute any code - so you should not allow random people to run unknown workflows.
Also the service itself should run with as little privileges as possible, ie. not as a real user and for sure not as root/administrator - and preferably in a virtual machine which you can reset every night or something. On Fri, Aug 7, 2009 at 20:09, Wei Tan<[email protected]> wrote: > Hi, > > I am curious on the security concern of the taverna remote execution > service. > What if there is malicious code in beanshell activities in a workflow? > > Best regards, > > Wei > > -- > Wei Tan, Ph.D. > Computation Institute > the University of Chicago|Argonne National Laboratory > http://www.mcs.anl.gov/~wtan > > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > taverna-hackers mailing list > [email protected] > Web site: http://www.taverna.org.uk > Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/ > Developers Guide: http://www.mygrid.org.uk/tools/developer-information > -- Stian Soiland-Reyes, myGrid team School of Computer Science The University of Manchester ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ taverna-hackers mailing list [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/ Developers Guide: http://www.mygrid.org.uk/tools/developer-information
