Uploaded image for project: 'Jalview'
  1. Jalview
  2. JAL-900

groovy scripts executed from a URL are not run in a security sandbox

    XMLWordPrintable

    Details

      Description


      The fix for JAL-899 allowed groovy scripts to be executed by Jalview when their URL is passed in via the 'groovy' parameter. However, groovy scripts executed in this way have full access to the users machine, which is a security risk. A mechanism is needed to inform the user of potential risks, and if necessary, run the script in a sandbox (which can be done by passing in a java permissions object like : http://chrismoos.com/2010/03/24/groovy-scripts-and-jvm-security/ ).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jprocter Jim Procter
              Reporter:
              jprocter Jim Procter
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: