In my program I try to allow any user to write own code (event handler
here) to be loaded and included automatically.
To enhance security, can I prevent the author to use specific
functions like eval, exec, File.* and so on?
If I can, is it then secure? My goal is to let the author only write
handler functions that return something but he must not for example
modify the system classes, write files, do network and something like
that..
On Sun, 22 Aug 2004 21:05:48 +0900, Dominik Werder <dwerder@gmx.net> wrote:
Hello!
In my program I try to allow any user to write own code (event handler
here) to be loaded and included automatically.
To enhance security, can I prevent the author to use specific
functions like eval, exec, File.* and so on?
If I can, is it then secure? My goal is to let the author only write
handler functions that return something but he must not for example
modify the system classes, write files, do network and something like
that..
ts writes:
> >>>>> "D" == Dominik Werder <dwerder@gmx.net>
writes:
>
> > To enhance security, can I prevent the author
to use specific
> > functions like eval, exec, File.* and so on?
>
> Look at $SAFE
is that like perl's Safe module, with configurable
departments
for evaluation ?
Klaus Schilling
----------------------------------------
-- Name: David Ross
-- Phone: 865.539.3798
-- Email: drossruby [at] yahoo [dot] com
----------------------------------------