Uploaded image for project: 'Jalview'
  1. Jalview
  2. JAL-900

groovy scripts executed from a URL are not run in a security sandbox

    XMLWordPrintable

    Details

      Description


      The fix for JAL-899 allowed groovy scripts to be executed by Jalview when their URL is passed in via the 'groovy' parameter. However, groovy scripts executed in this way have full access to the users machine, which is a security risk. A mechanism is needed to inform the user of potential risks, and if necessary, run the script in a sandbox (which can be done by passing in a java permissions object like : http://chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/ ).

        Attachments

          Issue Links

          depends on

          Improvement - An improvement or enhancement to an existing feature or task. JAL-899 groovy script execution from URL

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              Assignee:
              jprocter James Procter
              Reporter:
              jprocter James Procter
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: