Re: [Taverna-hackers] security issue in remote execution service

Mon, 10 Aug 2009 09:59:24 -0700

As this is Java, you should also be able to restrict Java security permissions on just the beanshell code. See 

http://java.sun.com/javase/6/docs/api/java/security/ProtectionDomain.html

Regards,

Paul

Stian Soiland-Reyes wrote:

A beanshell script can execute any code - so you should not allow
random people to run unknown workflows.

Also the service itself should run with as little privileges as
possible, ie. not as a real user and for sure not as
root/administrator - and preferably in a virtual machine which you can
reset every night or something.



On Fri, Aug 7, 2009 at 20:09, Wei Tan<[email protected]> wrote:

Hi,

  I am curious on the security concern of the taverna remote execution
service.
What if there is malicious code in beanshell activities in a workflow?

  Best regards,

Wei

--
Wei Tan, Ph.D.
Computation Institute
the University of Chicago|Argonne National Laboratory
http://www.mcs.anl.gov/~wtan


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
taverna-hackers mailing list
[email protected]
Web site: http://www.taverna.org.uk
Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/
Developers Guide: http://www.mygrid.org.uk/tools/developer-information






------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
taverna-hackers mailing list
[email protected]
Web site: http://www.taverna.org.uk
Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/
Developers Guide: http://www.mygrid.org.uk/tools/developer-information

Reply via email to