Ruby/JRuby Security
From JRubyWiki
A new implementation to replace Safe/Taint, since Safe and Taint do not work and provide a false sense of security. There are two options: a sandbox-type environment or a permission-based protocol. The sandbox has been around since Java 1.0 and was found to be good only at a macro level. For finer-grained control, the Permission class and the AccessControl class were introduced in Java 1.2.
Having a permission-based security implementation would be ideal.
Requirements
- It must be something that can be implemented in MRI/KRI, possibly
using the same API/mechanisms used right now.
- It must not introduce overhead back into the system like taint/safe
do now.
- Security should be based on the addition of rights instead of the removal of them.
- Fine-grained control should be allowed for distributed programming, for example DRb.
Possible Solutions
- Keep the current implementation of Safe and Taint.
- A sandbox based on the same principles as the Java sandbox.
- Here is a sandbox for MRI [1].
- Use a permission-based architecture such as that of Java 1.2 and later.
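
A sketch of what the permission-based option could look like in Ruby, added here as an illustration and not code from the JRuby project: the policy starts empty and rights are only ever added, with per-target granularity for a DRb endpoint. `Permission`, `AccessPolicy`, `drb_client_policy`, the host name and the paths are all hypothetical; the `implies?` check is modeled loosely on Java's `java.security.Permission#implies`.

```ruby
# Hypothetical sketch: these classes do not exist in MRI or JRuby.
# A grant names a kind of resource, a target pattern and a set of actions.
class Permission
  attr_reader :kind, :target, :actions

  def initialize(kind, target, actions)
    @kind = kind
    @target = target
    @actions = actions.map(&:to_sym).freeze
  end

  # True when this grant covers the requested permission. FNM_PATHNAME keeps
  # "*" from crossing "/" so a wildcard grant covers one directory level only.
  def implies?(other)
    kind == other.kind &&
      (other.actions - actions).empty? &&
      File.fnmatch(target, other.target, File::FNM_PATHNAME)
  end
end

class AccessPolicy
  def initialize
    @grants = [] # starts empty: nothing is allowed until it is granted
  end

  def grant(kind, target, *actions)
    @grants << Permission.new(kind, target, actions)
    self
  end

  def permitted?(kind, target, action)
    wanted = Permission.new(kind, target, [action])
    @grants.any? { |g| g.implies?(wanted) }
  end

  # Guard to call before a sensitive operation; raises when no grant applies.
  def check!(kind, target, action)
    return true if permitted?(kind, target, action)
    raise SecurityError, "denied: #{kind} #{action} #{target}"
  end
end

# Constructed policy for a DRb client: one endpoint, one readable directory.
def drb_client_policy
  AccessPolicy.new
    .grant(:socket, "druby://app.example.test:8787", :connect)
    .grant(:file, "/var/app/data/*", :read)
end
```

Because the check is a lookup made only at the guarded operation, it avoids the per-object bookkeeping that the requirements list as overhead of taint/safe.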

