How does scala sandboxing work - security

I've been looking at this:
http://calumleslie.blogspot.com/2008/06/simple-jvm-sandboxing.html
regarding sandboxing the JVM. However, that was written three (four?) years ago now, and is for Java. I haven't managed to find anything more recent or specific.
I know I could probably do the same thing for Scala, but I was wondering if Scala had any inbuilt sandboxing capabilities? The use case is to do scripting and configuration in Scala (like how Lift does it) while still maintaining security (i.e. preventing config.scala opening network sockets or reading from the hard disk). Does anyone have any experience doing this?

You use the same mechanism as in Java: install a SecurityManager. The default ClassLoader will give loaded code a "read" FilePermission for its own classpath and an "exitVM" RuntimePermission; other actions require permissions.
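The mechanism described in the answer above, as an added Java example that is not part of the original thread: a constructed script class is compiled into its own directory and loaded from there, so the policy can deny it everything beyond read access to its own codebase while the host stays trusted. `SandboxDemo`, `Config` and the temporary directory are assumptions; it needs a full JDK on which a SecurityManager can still be installed (up to JDK 17, or JDK 18 to 23 started with `-Djava.security.manager=allow`; the API is deprecated for removal and permanently disabled from JDK 24).

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import javax.tools.ToolProvider;

public class SandboxDemo {
    // Constructed stand-in for an untrusted config script: it lists the filesystem root.
    static final String SCRIPT =
        "public class Config implements Runnable {\n" +
        "  public void run() { new java.io.File(\"/\").list(); }\n" +
        "}\n";

    static String runSandboxed() throws Exception {
        // Compile the script into its own directory so it gets its own CodeSource.
        Path dir = Files.createTempDirectory("script");
        Path src = dir.resolve("Config.java");
        Files.write(src, SCRIPT.getBytes("UTF-8"));
        if (ToolProvider.getSystemJavaCompiler().run(null, null, null, src.toString()) != 0)
            throw new IllegalStateException("compile failed");
        URL scriptUrl = dir.toUri().toURL();
        final String scriptLocation = scriptUrl.toString();

        // Demo policy: code from the script directory gets nothing from the policy (it keeps
        // only the read permission on its own codebase that URLClassLoader assigns);
        // everything else, i.e. the host and the JDK, stays fully trusted.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain domain, Permission perm) {
                CodeSource cs = domain.getCodeSource();
                return cs == null || cs.getLocation() == null
                        || !cs.getLocation().toString().equals(scriptLocation);
            }
        });
        System.setSecurityManager(new SecurityManager());

        try (URLClassLoader loader = new URLClassLoader(new URL[] { scriptUrl })) {
            Runnable script = (Runnable) loader.loadClass("Config")
                    .getDeclaredConstructor().newInstance();
            script.run();               // File.list() triggers a read check on "/"
            return "allowed";
        } catch (SecurityException e) { // AccessControlException is a SecurityException
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(runSandboxed());
    }
}
```

The script must live in its own ProtectionDomain for this to hold: code that shares the host's trusted domain could regain full permissions through `AccessController.doPrivileged`.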

Related

Spark security consideration

I have some extra security considerations from a normal job. I usually use sbt to build and I will give it some libraries to grab from a Maven repository. But now, I'm unable to use a lot of external libraries, and I'm unsure at this point if I will be able to go out to Maven to get the Spark libraries that I might need. Even if I were to get the external libraries, there would be a vetting process that would take months for each library. Has anyone been in a similar situation? From the standpoint of not being able to use external libraries, can anyone share what they did to have a successful suite of Spark jobs to do their data munging and data science on a Hadoop cluster?
I think there isn't a standard solution for your problem within the context you exposed. It depends on how much you go with external dependencies and what you really need. And I give you an example: parsing csv rows and construct dataframe/datasets or rdd. You have plenty of options:
use external library (from databricks or others)
rely on your code and do it by hand, so no external dependency
rely on newer Spark versions that know how to deal with csv
If you have a Hadoop cluster then all the Spark runtime environment already contains plenty of libraries that will be loaded (json manipulation, networking, logging, just to name a few). Most of your business logic inside your Spark jobs can be done with those.
I give you some examples on how I have approached the problem with external dependency although I didn't have any security constraints. In one case we had to use Spring dependency within our Spark application (cause we wanted to update some relation tables), so we got a fat jar with all Spring dependencies and they were many. Conclusion: got a lot of dependency for nothing (horror maintaining it :) ). So that was not a good approach. In other case we had to do the same thing, but then we kept the dependency at minimum (the most simple thing that can read/update a table with a jdbc). Conclusion: the fat jar was not that big, we kept only what was really needed, nothing more nothing less.
Spark already provides you with a lot of functionalities. Knowing an external library that can do something does not mean that Spark can't do it with what it has.

Does Groovy security flaw affect Grails apps?

A security flaw in Groovy was detected in versions 1.7 to 2.4.3:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Does this affect "typical" Grails projects that retrieve data from user input (web forms), the DB, web services, etc. and assume this is all text, not serialized objects? In other words, is there any of this happening implicitly that we should be aware of?
Otherwise, what should we look for to ensure this bug isn't affecting us?
Grame has an issue for exactly this, but no one has been able to show any way to exploit it in a Grails app yet: https://github.com/grails/grails-core/issues/9113
In short: "the plan is 2.5.1 and 3.0.4 will have Groovy 2.4.4"

Java EE Security: annotations vs deployment descriptor

I have a question regarding Java EE security best practices.
What are the advantages and disadvantages of using either annotations or a deployment descriptor to define Security for a web application?
Are there cases where you favor one over the other?
Thank you in advance :)
Well, it is a matter of fashion. Some years ago there was a massive movement "to separate application instrumentation from the programming" (you can read, for example, the spec of EJB, where there is even a special role for this; this person does not even have to be a programmer). In this way use of XML was endorsed (instead of plain txt files or property files). And then annotations brought those XML files back to the code. I think it is due the mass in Spring framework. It was really hard to configure an application (there was no good way to "debug" your configuration). Using annotations is a "lightweight" way to make configuration. In simple scenarios you can skip defining relationships between your components, because they can be inferred from your code elements.
Using annotations is elegant (you do not require additional XML files) but requires recompiling your code every time you make a change.

Is using Node.js or Ringojs safe for live websites?

As stated in the title, I would like to know if it's safe to develop a website using one of the actual "omg" platforms that are Node.js and Ringo.js at their actual version.
Also, I would like to know if they support cookies/sessions and how they deal with multi-field posts (fieldname[] in PHP).
Thank you
--Edit--
Thanks for all the links guys.
What can you tell me about Ringojs?
Since I haven't figured out which platform to start playing with. I must admit that the fact it can use Java seamlessly really impresses me. The only available XSLT 2.0 library is in Java. I could use it as a templating system.
Is there anyone who had the chance to play with Ringojs?
From my experience using both, Ringo is more stable and "safer" for production use but you can comfortably deploy both. In addition to the ability to wrap existing Java libraries that you mention, you also get the benefit of being able to run it in an existing webapp container which manages the lifecycle of the application for you and ensures its availability.
That being said, it doesn't have to be an either or decision. By using my common-node package and assuming you don't use any Java libraries, it's perfectly feasible to maintain a project that runs on both without any changes to the code.
I've also included benchmarks that test the performance of Node.js vs. RingoJS the results of which you can find in the common-node/README.md. To summarize: RingoJS has slightly lower throughput than Node.js, but much lower variance in response times while using six times the RAM with default Java settings. The latter can be tweaked and brought down to as little as twice the memory usage of Node with e.g. my ringo-sunserver but at the expense of decreased performance.
Node.js is stable, so yes it's safe to use. Node.js is capable of handling cookies, sessions, and multiple fields but they are not as easy to manage. Web frameworks solve this problem.
I recommend Express.js, it's an open-source web framework for Node.js which handles all of this and more.
You can download it here:
https://github.com/visionmedia/express
I hope this helped!
Examples of some of the bigger sites running Node.js
https://www.learnboost.com/
http://ge.tt/
https://gomockingbird.com/
https://secured.milewise.com/
http://voxer.com/
https://www.yammer.com/
http://cloud9ide.com/
http://beta.etherpad.org/
http://loggly.com/
http://wordsquared.com/
Yes. It is. https://github.com/joyent/node/wiki/Projects,-Applications,-and-Companies-Using-Node and https://github.com/joyent/node/wiki/modules
cookies/sessions/forms etc http://expressjs.com/ makes it easier
Ringojs is a framework developed by Hannes Wallnöver and uses Rhino as its scripting framework. There are web frameworks, templating engines, ORM packages and many many more things already available. Have a look at the tutorial featuring a good subset of packages you may use for a simple web application. It's not too long and straightforward.
Even though some of those packages used within the tutorial (e.g. ringo-sqlstore) are marked as 0.8 and come with the hint "consider this being beta" they are already very stable and bugs - if you find one - get fixed or commented on very fast.
And the power of uncountable Java libraries out there is at your fingertips - so if you already have Java knowledge this knowledge isn't wasted. Rhino - the scripting engine - even enables you to implement interfaces and extend classes. It is possibly a little more advanced but I've done it and I know of packages taking advantage of such features (like ringo-ftpserver which is a wrapper around Apache FtpServer written in Java).
Another pro for me is - because ringojs is based on Java - it works fairly well with multithreading with ringo/worker for example.

Question about OSGi for embedded

I am going to work on OSGi-based Embedded/Mobile applications. I have some confusing questions that need to be clarified.
(1) Can Equinox run on J2ME environment or not?
(2) How to start the Equinox OSGi container under the pure J2ME environment (not JDK and JRE installed)?
(3) Can I use some external jars / Third party's jars (which is based on JRE classes) for the embedded application?
Thank you!
Java ME is something of an "embedded" environment, meaning amongst other things that there is generally not as much memory to run in or storage space. At one time there were application size limits.
What this means is that instead of trying to dump big, fat, J2SE jars into a device with limited capabilities, perhaps you should try rethinking what you are trying to accomplish.
Also consider that the version of Java that mobile phones run is fairly limited, so many 'regular' Java applications and libraries will not work there.
You can include jars in your applications, by taking their contents and dumping them in the jar you create.
In other words, you have to think differently about Java ME - it's not the bloated world that most Java stuff inhabits.
I don't know much about Equinox OSGi but, as I found from its web page, it looks like it supports OSGi MEG. Then it could run on mobile devices with the Java ME CDC runtime, not CLDC.
OSGi should depend on features of the CDC VM such as dynamic class loading, reflection or others.
Please find phoneME CDC project (phoneME advanced) from here.

Resources