Safe mode: Difference between revisions
Frink
(add {{omit from |Free Pascal}}) |
(Frink) |
||
Line 44:
'cgo' is Go's bridge to using C code. As such it is just as unsafe as writing C code directly.
=={{header|Frink}}==
Frink has an extensive and fine-grained security manager architecture which allows the language to disallow dangerous operations by everyone, or allow very specific operations for specific users.
The easiest way to test this is to add the <CODE>--sandbox</CODE> option when starting Frink. This enforces the strictest sandboxing mode. Similarly, when creating a Frink interpreter from Java code, the most restrictive security can be enabled by calling its <CODE><I>Frink</I>.setRestrictiveSecurity(true)</CODE> method.
<lang java>
frink.parser.Frink interp = new frink.parser.Frink();
interp.setRestrictiveSecurity(true);
</lang>
Below are some operations that can be allowed/disallowed from a custom security manager. For most of these, the permission can be restricted to allow/disallow a ''particular'' file, URL, or class, or method:
* Read a file or URL
* Call <CODE>unsafeEval</CODE>
* Import another file using <CODE>use</CODE>
* Construct a new Java object
* Call a static method on a Java class or object
* Access a static Java field
* Call a method on a Java object
* Write a field on a Java object
* Define a function
* Set a global flag
* Print to a printer
* Write a file
* Open a graphics window
* Construct an expression
* Transform an expression
* Create a transformation rule
* Set a class-level variable
=={{header|Jsish}}==
| |||