T
Thomas G. Marshall
I'm writing an app that will implement a plugin architecture. Furthermore,
it is also going to use a plug-in like facility to manage internal scripts.
This means that the application will freely accept jars of .class's written
by others.
Does the security manager + reflection classes allow a sandbox to contain
such pluggins? Is there something else that allows me to do this other than
programmatically sniffing through the code looking for access to potentially
dangerous classes like, oh, File?
I don't want to have a 3rd party send in a malicious plugin that ends up
erasing someone's disk, or drops in a virus, etc.
it is also going to use a plug-in like facility to manage internal scripts.
This means that the application will freely accept jars of .class's written
by others.
Does the security manager + reflection classes allow a sandbox to contain
such pluggins? Is there something else that allows me to do this other than
programmatically sniffing through the code looking for access to potentially
dangerous classes like, oh, File?
I don't want to have a 3rd party send in a malicious plugin that ends up
erasing someone's disk, or drops in a virus, etc.