org.autoplot.Sandbox
Security Manager which allows Autoplot access to:
- read and write files under HOME/autoplot_data
- read and write files under HOME/.java/.userprefs
Imagined attacks which are still possible:
- this does nothing to prevent a read of a non-blacklisted file
(for example /home/jbf/.profile) and then a post to send the data to
a remote site.
Presently this just logs access. Level FINER implies that the property
access would be okay, and FINE implies that it needs to be studied more.
Sandbox( )
enterSandbox
enterSandbox( ) → void
lock down this thread and all child threads so that they cannot do damage
to the running system.
Returns:
void (returns nothing)
getSandboxManager
getSandboxManager( ) → java.lang.SecurityManager
return a security manager which allows:
- read from anywhere besides a blacklist
- write to anywhere in whitelist
- any network activity
- any property read
This description is likely to diverge from the implementation as things
develop, so please review the code if you must know precisely, or perform
experiments until you are satisfied with its operation.
Returns:
a java.lang.SecurityManager
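The read-blacklist / write-whitelist decision described above, as an added example that is not Autoplot's own source. The class name SandboxPolicyDemo, the logger name, the blacklist entry HOME/.ssh and the mapping of allowed to FINER and refused to FINE are assumptions made for illustration; the two whitelist roots and /home/jbf/.profile come from the text above.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added illustration (hypothetical class): models the file policy, it does not install a SecurityManager. */
public class SandboxPolicyDemo {
    private static final Logger LOG = Logger.getLogger("sandbox.demo"); // hypothetical logger name

    private final List<Path> writeWhitelist;
    private final List<Path> readBlacklist;

    SandboxPolicyDemo(Path home) {
        Path h = home.toAbsolutePath().normalize();
        // Whitelist roots are the two directories named in the class description.
        writeWhitelist = List.of(h.resolve("autoplot_data"), h.resolve(".java/.userprefs"));
        // The page does not list the blacklist; this entry is a constructed placeholder.
        readBlacklist = List.of(h.resolve(".ssh"));
    }

    /** Normalize before comparing so "autoplot_data/../.profile" cannot pass as a whitelisted path. */
    private static boolean under(List<Path> roots, String file) {
        Path p = Paths.get(file).toAbsolutePath().normalize();
        return roots.stream().anyMatch(p::startsWith); // component-wise, so "autoplot_data2" does not match
    }

    boolean mayRead(String file) {
        boolean ok = !under(readBlacklist, file);
        // Assumed mapping: FINER for access that would be okay, FINE for access needing study.
        LOG.log(ok ? Level.FINER : Level.FINE, "read {0} allowed={1}", new Object[] {file, ok});
        return ok;
    }

    boolean mayWrite(String file) {
        boolean ok = under(writeWhitelist, file);
        LOG.log(ok ? Level.FINER : Level.FINE, "write {0} allowed={1}", new Object[] {file, ok});
        return ok;
    }

    public static void main(String[] args) {
        SandboxPolicyDemo s = new SandboxPolicyDemo(Paths.get("/home/jbf")); // home taken from the page's example path
        System.out.println(s.mayWrite("/home/jbf/autoplot_data/cache/a.dat")); // inside a whitelist root
        System.out.println(s.mayWrite("/home/jbf/autoplot_data/../.profile")); // traversal out of the root
        System.out.println(s.mayRead("/home/jbf/.ssh/id_rsa"));                // constructed blacklist entry
        System.out.println(s.mayRead("/home/jbf/.profile"));                   // not blacklisted: the residual read noted above
    }
}
```

normalize() is purely lexical, so a symbolic link placed inside a whitelisted directory still resolves wherever it points; a check that must follow links would compare Path.toRealPath() results instead.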