2010/3/16 Raphaël Flores <[email protected]>: > I'm wondering about security of beanshells included into workflows. We > consider doing a service allowing users to upload their own scufl on our > server in order to execute these workflows and returning them the results of > the executed workflow. But we don't know about beanshell content, so if the > workflow contains beanshell, is there a security mechanism into Taverna or > Beanshell that would avoid any evil use ?
No, any beanshell scripts are allowed. You should either not allow beanshell scripts, or only allow pre-approved workflows. (For a discussion on beanshell sandboxing, see http://www.mygrid.org.uk/dev/issues/browse/T2-421 - one of the challenges is that many current beanshells do file and network operations) -- Stian Soiland-Reyes, myGrid team School of Computer Science The University of Manchester ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ taverna-hackers mailing list [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/ Developers Guide: http://www.mygrid.org.uk/tools/developer-information
