[MUD-Dev] Re: Scripting Design Notes
Vadim Tkachenko
vt at freehold.crocodile.org
Sun Jul 19 23:33:14 CEST 1998
Chris Gray wrote:
>
> [Mike L Kesl:]
>
> >I am considering using jPython <http://www.python.org>. The other
> >consideration is to allow contributors to use java in a secure way
> >using a hard coded api of appropriate scripting functions. I think
> >something that is purely interpreted would be nice, but I am not sure
> >if that is theoretically possible in a purely platform independent
> >project, unless of course if the interpreter is written in java, which
> >could mean a class library in the case of jPython, I am not sure.
> >Otherwise we would have to write our own interpreter for the java
> >method. This method would really only try to compile the script, making
> >the java runtime environment do most of the work. More investigation of
> >Java Python is necessary, and perhaps other languages.
>
> Well, if you use Java, your scripting language *is* portable, but likely
> more powerful than you want. Where will the scripted code run? Most
> likely in the server, in which case things like all of 'awt' should
> be disallowed. Likely also all of the IO stuff. You could take the
> Java source they write and wrap it inside some special stuff that
> imports a bunch of utility routines that you *do* want them to be able
> to use, then compile the result.

Java has a concept of a security manager - you can write your own and
install it underneath your code - ONCE. Anyone who will try to do it
a second time will be shot on sight, I mean will get the
SecurityException.

The granulation of the security manager is up to the implementor, so you
may [dis]allow whatever you want.

Thus, your system is safe from the user[s]. Not your server runtime
process, though.

> However, you are still vulnerable.

Can you please elaborate on that?

> Chris Gray cg at ami-cg.GraySage.Edmonton.AB.CA
--
Still alive and smile stays on,
Vadim Tkachenko <vt at freehold.crocodile.org>
--
UNIX _is_ user friendly, he's just very picky about who his friends are
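
The install-once behaviour and implementor-chosen granularity described in the reply above, as an added Java example that is not part of the original post. `ScriptSandboxDemo`, `ScriptSecurityManager` and the `IN_SCRIPT` flag are hypothetical names, and it assumes a JDK that still allows a security manager (up to 17, or 18 to 23 started with `-Djava.security.manager=allow`).

```java
import java.io.FileInputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.security.Permission;

public class ScriptSandboxDemo {
    // Assumption: a per-thread flag marks "script code is running"; a real
    // server would decide this from the caller's class loader instead.
    static final ThreadLocal<Boolean> IN_SCRIPT = new ThreadLocal<Boolean>();

    static class ScriptSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // Install-once rule: the installed manager vetoes its replacement.
            if (perm instanceof RuntimePermission
                    && "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException("security manager already installed");
            }
            // Granularity is the implementor's choice: here scripts lose file
            // and socket access, while the server's own threads keep them.
            if (Boolean.TRUE.equals(IN_SCRIPT.get())
                    && (perm instanceof FilePermission
                        || perm instanceof SocketPermission)) {
                throw new SecurityException("script denied: ".concat(perm.toString()));
            }
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    public static void main(String[] args) throws IOException {
        System.setSecurityManager(new ScriptSecurityManager());
        try {
            System.setSecurityManager(new ScriptSecurityManager());
            System.out.println("BUG: manager was replaced");
        } catch (SecurityException e) {
            System.out.println("second install refused");
        }
        IN_SCRIPT.set(Boolean.TRUE);
        try {   // stands in for contributor-written script code
            new FileInputStream("/etc/passwd").close();
            System.out.println("BUG: script opened a file");
        } catch (SecurityException e) {
            System.out.println("script file access refused");
        } finally {
            IN_SCRIPT.set(Boolean.FALSE);
        }
    }
}
```

The refusal on the second `setSecurityManager` call comes from the installed manager's own `checkPermission`, so a custom manager that leaves out that check can be replaced by any code that runs after it.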