Reputation: 10713
How to protect Java application from internally running custom code?
I develop the container-like application which can accept custom JARs and run some classes from these JAR archives. And I wanr to protect my application from this custom code.
I've found SecurityManager and Policy classes there, but I still don't know how to protect my application from stack overflow attacks and so on.
I've found Runtime class, but I cannot use the separate process because I need to have the instance of the custom class in my application.
What instrument should I use? Or, maybe, I should change the architecture of my application?
Upvotes: 3
Views: 93
Answers (2)
Reputation: 147154
If you have to do this, it seems better to go for a "chroot jail" or the full virtualisation. (Neither of which I no much about.)
Upvotes: 0
Reputation: 4000
I think you are trying to achieve what Google did with GAE. It's not a simple subject to be addressed here so I suppose this paper could be of help.
Upvotes: 2
Related Questions
- Sandbox against malicious code in a Java application
- Prevent Java Application from performing malicious activities
- Runtime Application Self Protection (RASP)
- Sandbox Java code before compiling?
- Protect my java application from being copied
- Without modifying the JRE source code, is there a way to cause the Java VM to only execute local code?
- Security: Restrict internal access by third-party software
- solution to prevent java application from being reverse engineered- maybe some form of encryption
- Execute external Java source code on server - limit security and resources?
- Security - Stop people using my program without authorization