Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

runtime.exec with servlet  RSS feed

 
victor piterson
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello to all,
i have mad an online compiler in servlet and jsp.
in it i used Runtime.exec() method for javac and java with uploaded file.
now my problem is that if any body load any java file which is making folder or file with infinite loop
and if my application runs it with "java command" then it will fill my server completely.


i want to know can i set permission for a servlet which is using



so that the servlet only runs the program but not able to make any folder or any file on server.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My first thought (and probably the best answer I can give) is: DON'T DO THAT.
I would never want to let someone upload, compile, and run strange code on one of my servers.

That being said you might want to look into Java security policies and/or JAAS so you can create a sandbox environment for this foreign code.
Java security allows you to define, at a very granular level, what a program can and can't do. This includes disk io, networking, etc...

See:
http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html


But really, take another look at my first answer.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!