org.autoplot.Sandbox

Security Manager which allows Autoplot access to:

read and write files under HOME/autoplot_data
read and write files under HOME/.java/.userprefs

Imagined attacks which are still possible:

this does nothing to prevent a non-blacklisted file (for example /home/jbf/.profile) and then a post to send the data to a remote site.

Presently this just logs access. Level FINER implies that the property access would be okay, and FINE implied this needs to be studied more.

Sandbox( )

enterSandbox

enterSandbox( ) → void

lock down this thread and all child threads so that they cannot do damage to the running system.

Returns:

void (returns nothing)

[search for examples] [view on GitHub] [view on old javadoc] [view source]

getSandboxManager

getSandboxManager( ) → SecurityManager

return a security manager which allows:

read from anywhere besides a blacklist
write to anywhere in whitelist
any network activity
any property read

This is likely to change from the implementation as things develop, so please review this code if you must know precisely, or perform experiments until you are satisfied with its operation.

Returns:

a java.lang.SecurityManager

[search for examples] [view on GitHub] [view on old javadoc] [view source]