I'm loading flash ad-banners inside my all flash site with Loader. I have no control over the code inside the banners as they come from advertisers. I'd like to load them so that there is no way they can mess up the mouse events on the site outside their limited area. Sloppy code on advertisers banner should not kill my site's function...
When embedding a JavaScript interpreter (Rhino) into a Java application (to be able to script that application), how would one go about restricting the Java packages that are available to scripts? For example, only "java.lang.*" should be accessible. ...
I'm developing a system that allows developers to upload custom groovy scripts and freemarker templates. I can provide a certain level of security at a very high level with the default Java security infrastructure - i.e. prevent code from accessing the filesystem or network, however I have a need to restrict access to specific methods. ...
I have a C# application the performs some runtime compilation of source files containing calculations into dynamic assemblies. Obviously this presents a serious security issue. From the following 'formula', the code below would be generated, and a dynamic assembly created: Formula: Int32 _index = value.LastIndexOf('.'); String _retVal...
I really like the concept of modular bundles as implemented by OSGi. I also like "managed deployment" services like Google AppEngine (for web application) or Java WebStart (for client software). These two ideas seem to complement each-other rather well conceptually. However, the OSGi standard includes a couple of features that make i...
I'm running a sort of "sandbox" in C on Ubuntu: it takes a program, and runs it safely under the user nobody (and intercepts signals, etc). Also, it assigns memory and time limits, and measures time and memory usage. (In case you're curious, it's for a sort of "online judge" to mark programs on test data) Currently I've adapted the safe...
I'm attempting to provide a script-only solution for reading the contents of a file on a client machine through a browser. I have a solution that works with Firefox and Internet Explorer. It's not pretty, but I'm only trying things at the moment: function getFileContents() { var fileForUpload = document.forms[0].fileForUpload; ...
I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection again } Can this be done with a SecurityManager, and if so, how? Clarification/Context: This is ...
I want to make a web service that run other people code locally... Naturally, I want to limit their code access to certain "sandbox" directory, and that they wont be able to connect to other parts of my server (DB, main webserver, etc) Whats the best way to do it? Run VMware/Virtualbox: (+) I guess it's as secure as it gets.. even if ...
Let's say I'm running a hosted service that wishes to allow plugins written by third-party clients. Perhaps a gaming service provider that provides infrastructure but allows clients to develop their own game referees. Or, a coding competition site that allows coders to submit code to be run as their solution to some coding problem. ...
Hello, I am using create_function to run some user-code at server end. I am looking for any of these two: Is there a way to sanitize the code passed to it to prevent something harmful from executing? Alternately, is there a way to specify this code to be run in a sandboxed environment so that the user can't play around with anything ...
Can I do a search of the iPhone filesystem from within an application? I need to search an iPhone OS device and return a list of all apps installed on an iPhone OS device. I am fairly aware of Apple's restrictions and rules concerning what apps can and mostly cannot do outside of the sandbox -- and know that aside from the Photo Album an...
I come from a C/C++ background and now do a lot of C# stuff. Lately I have become interested in doing some projects in Java since playing around with the Android SDK. I know that Java apps run in a sandbox that can limit their access to the system. In a desktop/server application environment what kind of things are restricted? ...
I'd like to build a C pre-processor / compiler that allows functions to be collected from local and online sources. ie: #fetch MP3FileBuilder http://scripts.com/MP3Builder.gz #fetch IpodDeviceReader http://apple.com/modules/MP3Builder.gz void mymodule_main() { MP3FileBuilder(&some_data); } That's the easy part. The hard part is I...
Hi, Except for Caja(which is Java based) is there a simple javascript implementation for sandboxing iframes? ...
Hi, I've built a repository and I want to run a bunch of tests on it to see what the functions return. I'm using Visual Studio 2008 and I was wondering if there's any sandbox I can play around in (Whether in visual studio 2008 or not) or if I actually have to build a mock controller and view to test the repository? Thanks, Matt ...
Flash Player 10 specifies: "Redirects to policy files outside the originally requested domain will continue to cause policy files to be ignored by Flash Player." Is there a way to access policy files outside the domain? ...
I currently work in a web shop with almost no formal processes and a million PHP websites, including tricky stuff like custom CMS and shopping cart code. We are trying to improve things. I am pushing for CVS/SVN. My question is, what is the best practice for sandboxing website work? We are on the LAMP stack. Some of our sites have h...
I writing an app for the iphone and I would like to save an image from it as the default.png for the next invocation. Is this possible? It seems as if the sandbox doesn't allow you to overwrite anything in its local filesystem. ...
Is there a way to load a .NET Assembly into a Sandbox environment that is also restricted in custom ways? I know you can run an Assembly in a different AppDomain, but can you limit it from being able to do certain things that you want to restrict? For example: I want to be able to load up a Plugin (simple, just defined via a specific in...