I am writing an application which allows users of my application to extend it using Clojure. The Clojure is entered via a web page in the application and "evaled" to run. My question is how can I sandbox this code entered by the users so that it does not corrupt anything or call System.exit or anything like that?
There's a library for that. lazybot in the Clojure IRC channel uses it. You can find it here: https://github.com/flatland/clojail
You should be able to constrain access to code by configuring JDK level permissions. Have a look at the RuntimePermission settings, there's for example a direct setting to inhibit halting the JVM (e.g. System.exit).
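The JDK-level permission approach from the answer above, as an added example (not code from either answer or from clojail): the user's form is evaluated inside an access-control context that grants no permissions, so a `System/exit` call fails its `RuntimePermission` check. The names `run-untrusted` and `denied?`, the namespace and the policy file name are hypothetical. It assumes a JVM on which the Security Manager is still available (it is deprecated since JDK 17 and permanently disabled from JDK 24) and a policy that trusts the application's own code.

```clojure
;; Added example; `run-untrusted` and `denied?` are hypothetical names.
;; Assumed launch flags and policy file (the application itself is trusted):
;;   java -Djava.security.manager -Djava.security.policy=app.policy ...
;;   app.policy:  grant { permission java.security.AllPermission; };
(ns sandbox.example
  (:import (java.security AccessController AccessControlContext CodeSource
                          Permissions PrivilegedAction ProtectionDomain)
           (java.security.cert Certificate)))

(defn- no-permission-context
  "AccessControlContext whose single protection domain grants nothing, so any
  permission check made while it is in force fails: RuntimePermission exitVM,
  file access, sockets and so on."
  ^AccessControlContext []
  (let [^"[Ljava.security.cert.Certificate;" certs (make-array Certificate 0)
        domain (ProtectionDomain. (CodeSource. nil certs) (Permissions.))]
    (AccessControlContext. (into-array ProtectionDomain [domain]))))

(defn run-untrusted
  "Evaluates `form` with only the empty context's permissions. Fails closed
  when no SecurityManager is active, since nothing would be enforced."
  [form]
  (when-not (System/getSecurityManager)
    (throw (IllegalStateException. "no SecurityManager active; refusing to eval")))
  (AccessController/doPrivileged
    ^PrivilegedAction (reify PrivilegedAction (run [_] (eval form)))
    (no-permission-context)))

(defn denied?
  "True when evaluating `form` was stopped by a permission check."
  [form]
  (try (run-untrusted form)
       false
       (catch IllegalStateException e (throw e))   ; no SecurityManager: surface it
       (catch Throwable t
         ;; look for a SecurityException anywhere in the cause chain
         (boolean (some #(instance? SecurityException %)
                        (take-while some? (iterate #(.getCause ^Throwable %) t)))))))

(comment
  (run-untrusted '(+ 1 2))
  (denied? '(System/exit 0)))
```

This covers the permission layer only: it does not bound CPU time or memory, and it does not limit which classes or vars the form may reference, so treat it as one layer rather than a complete sandbox.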