I know the interface of the .class file

Let's say Boolean xy(); is the only method.

I want to execute the method of an unknown .class file which implements that interface on my server.

The Method should be able to call some Methods of my classes.

How can I be assured or test that no dangerous stuff is executed in the method?

+5  A: 

These situations are what the Java Security Manager was designed for.

Kevin
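
The Security Manager approach named in the answer above, as an added example that is not part of the original thread: a host that gives code loaded from one directory no permissions while keeping its own. The names `SandboxRunner`, `SandboxPolicy` and `Check` and the directory URL are assumptions. The Security Manager is deprecated for removal since Java 17 (JEP 411) and can no longer be enabled from JDK 24 on; JDK 18 to 23 also need `-Djava.security.manager=allow`.

```java
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;

public class SandboxRunner {
    /** Stand-in for the known interface; the name Check is an assumption. */
    public interface Check { Boolean xy(); }

    /** Grants nothing to code loaded from under untrustedRoot, everything to the host. */
    static final class SandboxPolicy extends Policy {
        private final String untrustedRoot;
        SandboxPolicy(URL root) { this.untrustedRoot = root.toString(); }
        @Override
        public PermissionCollection getPermissions(ProtectionDomain domain) {
            Permissions perms = new Permissions();
            CodeSource cs = domain.getCodeSource();
            boolean untrusted = cs != null && cs.getLocation() != null
                    && cs.getLocation().toString().startsWith(untrustedRoot);
            if (!untrusted) perms.add(new AllPermission());
            return perms;
        }
    }

    public static void main(String[] args) throws Exception {
        URL pluginDir = URI.create(args[0]).toURL(); // e.g. file:/srv/untrusted/ (constructed)
        String className = args[1];
        Policy.setPolicy(new SandboxPolicy(pluginDir));
        System.setSecurityManager(new SecurityManager());

        // The host keeps AllPermission, so it can still create the class loader.
        try (URLClassLoader loader = new URLClassLoader(new URL[] {pluginDir},
                SandboxRunner.class.getClassLoader())) {
            Check check = loader.loadClass(className).asSubclass(Check.class)
                    .getDeclaredConstructor().newInstance();
            try {
                // Network, process, System.exit and most file access inside xy() throw here.
                System.out.println("result: " + check.xy());
            } catch (SecurityException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```

Host methods that the untrusted class calls run under the same restrictions unless the host wraps the privileged part in `AccessController.doPrivileged`; `URLClassLoader` also lets loaded code read its own code location. The Security Manager does not bound CPU time or memory, so an endless loop or a large allocation in `xy()` still needs a separate control.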
+1  A: 

If you are allowing strangers to execute code on your system then you are going to be hacked. That is the exact definition of a remote code execution exploit. If you wrote this class, then there isn't an attacker; therefore there is nothing to worry about.

You can execute bad code within a sandbox. For instance, you can set up a virtual machine like VMware to execute the nasty code, and then you can just revert the changes or boot up a fresh system. VMware is heavily used in the analysis of malware. VMware is also used in the creation of honeypots, which are machines created to be broken into so that white hat hackers can see what the black hats are doing to compromised machines.

Rook