Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

But that can be improved. We can implement full sandboxing of expression evaluation. In that case the script will be encapsulated in a sandbox. Java platform will check for any attempts that the code could make to escape the sandbox. The check is done at run-time, there even indirect attempts of a script to do any harm can be detected and eliminated. This is a native capability of the platform and it is pretty much bulletproof. And it can apply to all the scripting languages. However, it is not vary very easy to use and we expect a lot of unexpected surprises - as they often happen when sandboxing is used in practice. Not many libraries are used or tested in sandbox environment, and therefore it is often the case that a library needs much more privileges than strictly necessary. Compiler-based checks would pass in this case, as those are only concerned with the surface of what the script is using directly. But sandbox is "defense in depth", it checks for all the action that script does directly, but also for all the effects that script's actions are causing indirectly. And those are quite difficult to predict until we get to a practical use cases. This will require a lot of time for testing and fine-tuning. But when done, this will be the ultimate cage to restrain misbehaving scripts.

...