Tim Starling wrote:
> I think Rhino would be an easier path to JavaScript execution than
> SpiderMonkey. You can pass an -Xmx option to the java VM, and it'll
> throw an OutOfMemory exception when it hits that limit, allowing you
> to implement per-snippet memory limits without killing the
> interpreter. You could do wall-clock time limits using
> java.util.Timer, or CPU time limits using a JNI hack to poll clock().
> You could turn off LiveConnect by making your own ClassShutter,
> leaving what (on initial impressions) is a reasonably secure sandbox.

Freebase is apparently doing their server-side JS work with Rhino and have actually modified their JVM to handle some of the resource limiting.

> Running scripts in the Java VM has the advantage that you don't have
> to rely on the security of the collection of amateurish C code that is
> PHP. Remember those PCRE crash bugs that went unfixed for years,
> before someone finally demonstrated elevation to arbitrary execution?

*shudder*

-- brion
_______________________________________________
Wikitech-l mailing list
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
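
The sandbox outlined in the quoted message, as an added example that is not code from this thread or from any project it mentions: a deny-all ClassShutter closes off LiveConnect, and a wall-clock limit is enforced through Rhino's instruction observer rather than the java.util.Timer the message suggests. It assumes a recent Rhino 1.7.x on the classpath; the class name `SnippetSandbox`, the 2-second budget and the observer threshold are hypothetical choices.

```java
import org.mozilla.javascript.Callable;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ContextFactory;
import org.mozilla.javascript.Scriptable;

public class SnippetSandbox extends ContextFactory {
    private static final long WALL_CLOCK_LIMIT_MS = 2000; // assumed per-snippet budget

    // An Error, not an Exception: script-level catch/finally never sees it.
    static final class SnippetTimeout extends Error {
        SnippetTimeout(String msg) { super(msg); }
    }

    // Context that remembers when the current top-level call started.
    private static final class TimedContext extends Context {
        long startedAt;
        TimedContext(ContextFactory factory) { super(factory); }
    }

    @Override protected Context makeContext() {
        TimedContext cx = new TimedContext(this);
        cx.setOptimizationLevel(-1);               // interpreter mode, so the observer fires reliably
        cx.setInstructionObserverThreshold(10000); // callback about every 10k instructions
        cx.setClassShutter(name -> false);         // no Java class is visible to scripts
        return cx;
    }

    @Override protected Object doTopCall(Callable callable, Context cx, Scriptable scope,
                                         Scriptable thisObj, Object[] args) {
        ((TimedContext) cx).startedAt = System.currentTimeMillis();
        return super.doTopCall(callable, cx, scope, thisObj, args);
    }

    @Override protected void observeInstructionCount(Context cx, int instructionCount) {
        long elapsed = System.currentTimeMillis() - ((TimedContext) cx).startedAt;
        if (elapsed > WALL_CLOCK_LIMIT_MS) throw new SnippetTimeout("wall-clock limit exceeded");
    }

    // Evaluates one untrusted snippet in a fresh scope without Packages/java globals.
    public Object run(String source) {
        return call(cx -> cx.evaluateString(cx.initSafeStandardObjects(), source, "<snippet>", 1, null));
    }

    public static void main(String[] args) {
        SnippetSandbox sandbox = new SnippetSandbox();
        System.out.println(sandbox.run("[1, 2, 3].join('-')"));
        try {
            sandbox.run("while (true) {}"); // constructed runaway snippet
        } catch (SnippetTimeout e) {
            System.out.println("snippet stopped: " + e.getMessage());
        }
    }
}
```

The memory ceiling from the message is set outside this code, by starting the JVM with `-Xmx`; the host that calls `run` then has to handle `OutOfMemoryError` alongside `SnippetTimeout`.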
