Reputation: 1235
Is it possible to disallow the use of ENV
and ENV_JAVA
in JRuby? I allow user supplied ruby code to run in servers, and I believe allowing them to use ENV
and ENV_JAVA
is not a very good idea.
I was able to disallow the use of System.get/setProperty()
using Java's Security Manager, but I haven't had much success in this case.
Thanks in advance!
Upvotes: 1
Views: 302
Reputation: 3315
This should do the trick:
class Object
remove_const :ENV
remove_const :ENV_JAVA
end
Upvotes: 3